Skip to the main content.
What Size Law Firm Are You?

We've crafted solutions tailored to your firm

Insurance Glossary

The world of insurance for law firms can be confusing, and difficult to navigate. We've created this glossary because these common insurance terms should be easy to understand.

← Blog Home

Rethinking Your Backup Strategy in Light of Ransomware Threats

3 min read

Rethinking Your Backup Strategy in Light of Ransomware Threats

(Updated May 19, 2023)

You’ve got a very serious problem on your hands should your firm’s computer network ever become infected with ransomware, which is a type of malware that either uses encryption to permanently block access to your data until a ransom is paid or enables the hacker to steal and then threaten to publish your data unless a ransom is paid. Often, it’s both. Whether you pay the ransoms or not, and I advise not, you are going to need the services of an IT specialist. And understand there are no guarantees here. She, he or they may or may not be able to completely restore the network, even if the hacker turns over a decryption key after you’ve paid one of the ransoms.

It’s important to also know that ransomware can infect your network via multiple channels, many of which involve some form of social engineering.  One common attack vector looks like this. Someone in your firm is tricked into opening an attachment in an email that purports to be a business document or invoice.  That’s all it takes. Once enabled, the malware will start to encrypt your data. 

Making matters worse and depending upon the specific family of ransomware you’ve been hit with, the ransomware can replicate itself and spread across an entire network, can scramble the file names of all encrypted files, can run several different encryption programs in a single attack, can identify and erase restore points, can erase all the data on the hard drives, can be programed to delay executing in order to infect backups, and the list goes on.  In short, any cybersecurity specialist brought in to try and address the situation is going to be facing an uphill battle trying to recover anything. 

Again, there are no guarantees in terms of the having the ability to recover from a ransomware attack. Cybercriminals continually work to improve the effectiveness of their tools. Certain strains of malware can now even jump to the cloud, many have been engineered to evade detection by antivirus software, and as stated above, can be programed to delay running. In light of all this, the institution of an effective backup process has become a critical component to an overall defensive strategy against ransomware and other forms of cybercrime. 

Best practices today dictate having at least three copies of all your data, utilizing two different media formats, one of which must be maintained off site. For example, you might utilize an external hard drive and a cloud backup provider. An approach like this would allow you to have access to a copy stored locally in case your internet connection is down, and post ransomware attack, the cloud backup may be the only good backup available to the cybersecurity specialist as they try to help you recover. That said, a few side notes are in order.

1) Since ransomware can map drives and infect everything connected to the network, always disconnect backup drives (e.g., any external USB drives) from the network once the backup process has completed.

2) While cloud backups can be your salvation in the event of a ransomware attack, as with any backup process, sometimes the backup data set becomes corrupted.  Thus, having multiple versions of the backup in the cloud is a good idea.

3) Given the rise of time-delayed attacks, maintaining an archive of backups locally or in the cloud would be another prudent step to take.  Yes, while losing a month or two’s worth of data might be difficult if all your current backups become infected, archived backups serve a fallback making sure you don’t lose everything. 

4) Look for cloud backup providers that allow you to control the encryption key as a way to prevent anyone else from accessing your data.

Even with a well-designed backup process in play, the best defense to threats such as ransomware is an effective offense because, and for the last time, there are no guarantees that a full recovery is going to be possible.  Often, it’s not.  So, in addition to instituting a backup process along the lines presented above, every firm regardless of size should prioritize mandatory ongoing training for all staff and attorneys.  The training should focus on social engineering awareness to include presenting real-world examples that not only demonstrate how these types of attacks continue to evolve but also provide tips on how to spot them.  Finding quality training like this, however, can be a bit of a challenge for some.  To help with this, consider working with a security company like KnowBe4 whose entire focus is geared toward this kind of training.

printfriendly-pdf-button-nobg-md-Nov-01-2022-08-44-54-4335-PM

 

Since 1998, Mark Bassingthwaighte, Esq. has been a Risk Manager with ALPS, an attorney’s professional liability insurance carrier. In his tenure with the company, Mr. Bassingthwaighte has conducted over 1200 law firm risk management assessment visits, presented over 600 continuing legal education seminars throughout the United States, and written extensively on risk management, ethics, and technology. Mr. Bassingthwaighte is a member of the State Bar of Montana as well as the American Bar Association where he currently sits on the ABA Center for Professional Responsibility’s Conference Planning Committee. He received his J.D. from Drake University Law School.

How to Secure Your Smartphone

3 min read

How to Secure Your Smartphone

Smartphones can be a significant cybersecurity risk, in part because many owners take a lackadaisical view when it comes to properly securing them...

Read More
ALPS In Brief Podcast — Episode 29: Falling in Love with the Cloud

15 min read

ALPS In Brief Podcast — Episode 29: Falling in Love with the Cloud

On this special Valentine’s Day episode of ALPS In Brief, Mark sits down with Joshua Lenon, lawyer in residence and data protection officer for Clio

Read More
Why Would A Small Law Firm Be An Attractive Target For A Cyber Criminal?

1 min read

Why Would A Small Law Firm Be An Attractive Target For A Cyber Criminal?

Regardless of size, any and every law firm is an attractive target for a cyber criminal. Think about it. Law firms serve clients of all shapes and...

Read More