Why Ransomware Is Jeopardizing the Legal Profession and What You Can Do About It

A recent article from the American Bar Association (ABA) points out that industries like the legal profession were once thought to be immune from ransomware and cyberattacks because their data wasn’t worth as much to cyber criminals like credit data and other personal information. Not so anymore, as these hackers recognize the valuable information found within a law firm—client intellectual property, M&A transaction agreements, trade secrets, and other confidential business information they can leverage for ransom.

That’s why it’s no surprise that the ABA’s 2021 Legal Technology Survey found that 25 percent of law firms responding said they had experienced a data breach. And the Verizon 2022 Data Breach Investigations Report found that professionals had the highest number of security incidents of any industry last year.  

The ABA survey also found that only 53 percent of respondents have a policy for managing data retention by their law firm. Even worse, only about one-third of respondents said they have an incident response plan, with that number sinking to just 12 percent in solo firms and 21 percent in firms with 2-9 attorneys. In large firms with 100+ attorneys, that number jumps to 80 percent, but that means 20 percent—a considerable number of firms—still don’t know how they will recover from an incident.

But if a hacker does get into your law firm’s data—via ransomware, malware, or another cyberattack vector—the mere threat of it being exposed is probably enough to make you seriously consider paying the ransom. And in a business that typically bills by the hour, downtime caused by ransomware can be incredibly costly. But your actual costs will likely be much higher, with another report finding that the average cost of a ransomware attack was a breathtaking $4.62 million in 2021.

Now that the impacts are clear, what can you do to prevent ransomware from costing your firm a fortune?

Put a Disaster Recovery Plan in Place (and Test It)

Don’t be one of the two-thirds of law firms without a plan. Our guide, How to Build a Disaster Recovery Plan, is a great place to start so you can understand what’s involved. The Cybersecurity and Infrastructure Security Agency (CISA) hosts the StopRansomware website with a wealth of resources to help you be prepared, including an on-demand incident response training series.

As you build out your disaster recovery plan, you’ll need to consider your return time objective (RTO) and return point objective (RPO) and deploy a solution that meets those objectives. And you need to test your plan regularly to ensure it will perform as expected if—or when—disaster strikes.

Tighten Your Data Access Controls

It’s worth considering moving to a zero-trust security strategy, where you eliminate trust from your infrastructure by denying access to everyone. Instead, a variety of technologies like multi-factor authentication (MFA) and role-based access controls RBAC) only grant permissions to the right people at the right time. Zero trust gives you a multilayered defense that minimizes potential breaches.

Teach Your Team About Cybersecurity

Because they are your first line of defense, the more you focus on helping everyone in your firm understand their role in cybersecurity, the better your data is protected. We outline eight ways your people can help reduce the risk of ransomware in this blog. And it’s worth committing to regular, ongoing training to build a cyber-aware culture that helps everyone recognize phishing and ransomware attacks and understand that they should never click on a suspicious link or attachment.  

Invest in Prevention Technologies (and Keep Everything Up to Date)

Your second line of defense is today’s prevention technologies, from firewalls to antivirus software, intrusion detection systems (IDS) to endpoint protection. And keep all of your systems patched and updated to eliminate vulnerabilities. The recent Apache Log4j vulnerability—found in many web and server applications—is one example exploit where patching is crucial to protecting your data.

Protect and Back Up Your Data (and Make Sure It Can Be Recovered)

Your last line of defense—your data protection, backup, and recovery solution—could be your most important investment because it should make it possible for you to still recover with certainty if all else fails. Your solution should make it easy to back up and recover your data and fit your specific requirements.

DRaaS: Disaster Recovery in the Cloud

Cloud-based disaster recovery as a service (DRaaS) gives you backup and disaster that protects your on-premises business systems and data in a cloud purpose-built for total business continuity. While your local backups may be enough to recover from a server failure or other common problem, a site-wide disaster will destroy those backups. That means big-time downtime.

Arcserve DRaaS gives you advanced recovery options so you can run your network in the Arcserve cloud just as you’d run it onsite. That will keep your firm humming along, no matter what. It also takes just one click to test or start a site-wide failover process. Arcserve DRaaS also offers you the option to use Virtual Machine Policy to configure the sequence, order, and timing for each mission-critical system.   

Arcserve UDP: One Platform for Every Data Protection Capability

Arcserve UDP unifies data protection and prevents cyberattacks across on-premises and off-premises workloads with orchestrated recovery. The solution delivers all-in-one data and ransomware protection that neutralizes ransomware attacks, restores your data, and ensures disaster recovery (DR).

Safeguarded by Sophos Intercept X Advanced cybersecurity, Arcserve UDP uses deep-learning server protection, immutable storage, and offers scalable onsite and offsite business continuity. This multilayered approach provides complete IT resiliency for your virtual, physical, and cloud infrastructures.

It's Time to Tell Ransomware to Cease and Desist

While there is no way to prevent ransomware, malware, and other cyberattack vectors from coming your way, there is a way to make sure their impact is minimized. Start by talking to an expert Arcserve technology partner to help identify the right solution for your firm. Or contact us for more product information.