Ransomware. Even the mention of the word sends shivers down most IT support people's spines. The only thing worse than being told that you've been infected by a virus that prevents you from getting to anything on your network is being told that you have to pay someone to get it back!
Look at the example of the firm DLA Piper, which announced not only that they were hit by ransomware, but that they had to pay to get their information back. The first thing that ran through my mind was NOT why did they pay, but rather why did they have to pay. Clearly they didn't have a backup.
There are a number of things your firm should be doing in the normal day-to-day running of your IT that not only limit the probability of being hit but, more importantly, ensure that if you do get hit, your law firm keeps functioning with no more than a blip while your IT team responds.
The following are 8 key items that every law firm should have in place to be as prepared as possible to prevent ransomware, and to limit your exposure should you be hit:
- Make sure your users are properly trained and aware of potential threats. Your users are your front line of defense. From a technical perspective, you can have the most secure network in the world, but it's only as tight as your users who are on it. If someone clicks on the wrong link or goes to the wrong website, you can easily be compromised.
- Conduct training with simulated phishing attacks, so that your users learn what phishing looks like and how to react to seemingly innocuous emails.
- Implement security policies within your network to lock down user rights and remove local administrator rights from users. This prevents most ransomware from running because the program simply doesn't have the rights to do so. We use a GPO (Group Policy Object) for our clients to do this, so that every new user on the network is covered by the policy automatically.
- Ensure all of the computers on your network are protected by a current, business-grade anti-virus system, and that someone is managing it. It's critical that your anti-virus is kept up-to-date at all times.
- Ensure that your email system is protected by an enterprise-level anti-spam system. This is an add-on that helps even large-scale hosted email systems like Office 365. Often this can be incorporated into an "Intrusion Protection System" as part of a firewall offering as well.
- Ensure that your network is protected by an enterprise level firewall. In addition, it's critical that it's configured correctly and that it's continuously monitored.
- Implement a methodical and disciplined patch and upgrade procedure. Again, having a proactive approach to managing your IT is critical to your business success. Make sure that all of your workstations and servers are updated with the latest security patches provided by the vendors. Make sure to keep the firmware up-to-date on all of your network devices as well (switches, routers, and firewalls). This is an often overlooked vulnerability.
- Implement a solid backup approach built on image-based backups. This too isn't a set-it-and-forget-it job. Most law firms pride themselves on their attention to detail in their legal work; too often this doesn't flow through to their IT. Make sure your backups are tested on a recurring basis so that you know they work. There's nothing more frustrating than needing a backup only to find out that it's no good.
The importance of this last bullet point can't be stressed enough. Without a reliable backup you're simply dead in the water when responding to a ransomware attack.
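Several of the items above (admin rights, anti-virus, patching, backups) are things you can check on a machine rather than take on faith. The script below is an added example written for this post, not something from DLA Piper or any vendor mentioned here: a read-only readiness audit for a Windows workstation or server that reports a finding for each item that is out of shape. The approved-administrator list, the backup folder and the manifest file name are assumptions you would replace with your own.

```powershell
# Added example, not from the original post: a read-only readiness audit for a
# Windows workstation or server covering four of the items above (local admin
# rights, anti-virus, patching, backups). Approved accounts, the backup folder
# and the manifest file name are assumptions; replace them with your own.

$ApprovedAdmins      = @("$env:COMPUTERNAME\Administrator", "EXAMPLE\Domain Admins", "EXAMPLE\IT-Admins")  # assumed
$BackupRoot          = "D:\Backups"        # assumed path of the image backup store
$ManifestName        = "manifest.sha256"   # assumed: one "<sha256>  <filename>" line per backup file
$MaxBackupAgeHours   = 24
$MaxPatchAgeDays     = 30
$MaxSignatureAgeDays = 2

$findings = New-Object System.Collections.Generic.List[string]

# 1. Local administrators: any member not on the approved list is a finding.
$admins = Get-LocalGroupMember -Group "Administrators" -ErrorAction SilentlyContinue
foreach ($m in $admins) {
    if ($ApprovedAdmins -notcontains $m.Name) {
        $findings.Add("Unexpected local admin: $($m.Name) [$($m.ObjectClass), $($m.PrincipalSource)]")
    }
}

# 2. Anti-virus: Get-MpComputerStatus reports Windows Defender; a third-party
#    product will not answer here, so its own console has to be checked instead.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($null -eq $mp) {
    $findings.Add("Defender status unavailable; confirm the installed AV is managed and current")
} else {
    if (-not $mp.RealTimeProtectionEnabled) { $findings.Add("Real-time protection is disabled") }
    if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("AV signatures are $($mp.AntivirusSignatureAge) days old")
    }
}

# 3. Patching: date of the most recently installed Windows update.
$lastPatch = Get-HotFix | Where-Object { $_.InstalledOn } |
             Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($null -eq $lastPatch -or $lastPatch.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
    $findings.Add("No update installed in the last $MaxPatchAgeDays days (last seen: $($lastPatch.InstalledOn))")
}

# 4. Backups: the newest backup file is fresh, and every file in the manifest
#    still has the SHA-256 that was recorded when it was written.
$manifest = Join-Path $BackupRoot $ManifestName
if (-not (Test-Path $manifest)) {
    $findings.Add("Backup manifest not found: $manifest")
} else {
    $newest = Get-ChildItem -Path $BackupRoot -File |
              Where-Object { $_.Name -ne $ManifestName } |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if ($null -eq $newest -or $newest.LastWriteTime -lt (Get-Date).AddHours(-$MaxBackupAgeHours)) {
        $findings.Add("Newest backup is older than $MaxBackupAgeHours hours")
    }
    foreach ($line in Get-Content -Path $manifest) {
        if ($line -match '^([0-9A-Fa-f]{64})\s+(.+)$') {
            $expected = $Matches[1]
            $file     = Join-Path $BackupRoot $Matches[2].Trim()
            if (-not (Test-Path $file)) {
                $findings.Add("Backup file listed in manifest is missing: $file")
                continue
            }
            $actual = (Get-FileHash -Path $file -Algorithm SHA256).Hash
            if ($actual -ne $expected) { $findings.Add("Hash mismatch (corrupt or altered): $file") }
        }
    }
}

# Report. A non-zero exit code lets a scheduled task or RMM tool raise an alert.
if ($findings.Count -eq 0) {
    Write-Output "PASS: no findings on $env:COMPUTERNAME"
    exit 0
}
$findings | ForEach-Object { Write-Output "FAIL: $_" }
exit 1
```

Run it from a scheduled task under your IT account and have the non-zero exit code feed whatever alerting you already use. Two caveats worth keeping in mind when reading its output: removing local admin rights limits what ransomware can install or spread, but a process running as an ordinary user can still encrypt whatever that user can write to, which is exactly why the backup check matters; and a matching hash proves the backup file hasn't changed since it was written, not that the image restores, so a periodic test restore is still required, and at least one copy should sit offline or otherwise out of reach of the credentials a compromised workstation would have.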
Keep in mind that every item listed is important by itself. Taken together, they represent the proper approach to running your IT. These are all real and meaningful measures that will make a difference in how susceptible your network and your business are to a ransomware attack.
That said, backup, backup, backup! Remember DLA Piper. Their (lack of a) backup cost them hundreds of thousands if not millions of dollars, let alone all of the time they were down!
Have you or do you know of anyone who's been hit by ransomware? Share your experience with us in the Comments section below or shoot me an email if you'd like to discuss this further.
On a related note, if you'd like to see how your security precautions stack up, please download our free Cyber Security Report Card and see how you're doing.