As I was reading the June issue of the Colorado Lawyer, produced by the Colorado Bar Association, one of the opening articles caught my eye: “Best Practices for Law Firms During a Pandemic” addressed security in remote working situations. This made me think – how are the attorneys I work with affected, and can I help?
The National Law Review noted that ransomware was one of the three top cyberattacks affecting firms. The article discusses investing in intelligent IT systems is one way to protect against such attacks. Stating that one in four organizations in the US will be breached, it points out that lawyers will lose $4.62 million dollars for every breach. Advising that you must anticipate data breaches, the article recommends that spending the money on intelligent IT is cheaper (and less of a headache) than dealing with breaches.
What is ransomware? It’s defined as “a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid…[M]ore advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them…Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment.”
So, how does this apply to in-house counsel? Law.com published a set of points to guide them in addressing these new challenges in light of COVID-19. Even during normal periods, ransomware would be a worst-case scenario for in-house counsel, as you’re locked out of your data and blackmailed to pay for access.
Even after payment, there is no guarantee that the attackers will return access or that the data will be intact. But, let’s say you pay and everything is restored, or you have your data backed up so you can refuse to pay. Is all hunky-dory now? Unfortunately, no.