Nearly four out of every 10 businesses were hit by some form of ransomware attack in 2021.
These weren’t old-fashioned cyber attacks, where your computer is hacked and your data encrypted, followed by a ransom demand that must be paid before the data is decrypted.
These new attacks are far more insidious.
“Now a ransomware attack may first steal your data before encrypting it,” writes technology strategist Don Philmlee in this article for Thomson Reuters. “If you don’t pay the ransom, sensitive data is released to the public — and, even if you do pay the ransom, the hackers can make a second ransom demand in exchange for deleting the data they are holding (which they may or may not do). To make matters worse, recent ransomware attacks also attempted to search out and destroy the victims’ backup systems.”
In his article, Philmlee says 37 percent of businesses were hit by ransomware in the year 2021, and he outlines strategies for staying safe.
Four Steps to Thwart a Ransomware Event
Here are steps Philmlee suggests you can take to minimize your ransomware risk:
Step One: Have a Plan
“Everyone at each level of the organization or firm should know their roles and responsibilities. The easiest place to start is by modifying your business continuity plan or an incident response plan to include ransomware or other cyber-attacks.”
The first action step in your plan should be to identify and contain the attack to the extent possible. You might also consider engaging a ransomware negotiator or expert to help guide you through the hostage situation.
Step Two: Communicate
“Now is not the time to shut down and shut up,” writes Philmlee. “As a victim of ransomware, you may be obligated to inform various interested parties including law enforcement, employees, customers, business partners, insurance companies, members of the media, and the public. Most critically, you need to inform the FBI’s Internet Crime Complaint Center, your insurance company, and your internal or external legal counsel (in case the attack precipitates litigation).”
Step Three: Do a Postmortem
“Now it’s over, heave a big sigh of relief and start reviewing your performance,” writes Philmlee. “How did your organization respond? What could have been improved before, during, and after the attack? Document this analysis and make whatever changes are needed for the next time.”
Consider bringing in a third party for this assessment. An outside opinion and fresh set of eyes are always helpful.
Step Four: Prepare for the Next Attack
Action items include: make sure you have good data backup; obtain cyber liability insurance; test your firm; schedule simulated ransomware attacks; train your staff; hold a special firm retreat to discuss cyber threats and strategies; monitor your online footprint.