10 ways to increase your firm's resilience to a ransomware attack

David Fleming, chief technology officer at Mitigo, gives 10 actions you can take to stop your firm from experiencing a ransomware attack.

We’ve seen too many partners having to endure it. The awful realisation that digital criminals are inside your firm, stealing and encrypting confidential personal and business information, and using it to blackmail you.

You know for sure that your business is going to be severely damaged, and you’re going to have to explain yourself to the Solicitors Regulation Authority, the Information Commissioner's Office and your clients.

To help you avoid this, here are our top 10 areas that law firms need to address to stop ransomware:

1. Antivirus software

Antivirus software (AS) is the application that is designed to stop malicious software getting a foothold on your devices and to prevent bad actors (hackers) taking control of your systems.

In the end-to-end journey of a successful ransomware attack, AS will have several opportunities to halt progress. Cybercriminals will attempt to switch it off as early in the journey as they can.

Make sure it is centrally controlled, configured by a security specialist, kept up to date and on every device, as a minimum.

2. Email security filters

Email platforms have filters that check incoming emails for malicious software, dodgy links and if they came from an untrusted origin.

One of the attackers’ favourite ways into a business is via an email. Setting your platform up correctly can make sure that employees are protected from this route in.

3. Web browsing controls

These controls are designed to stop or warn users they are about to visit a dangerous or fraudulent website.

To get around the AS, fraudsters will often take unwitting staff to fraudulent websites. This risk can be minimised by correctly setting the controls in the browser, the AS and the operating system.

4. Security patching

Software providers like Microsoft issue regular software updates that patch, or fix, known vulnerabilities.

Cybercriminals will use bugs in software to compromise your defences and this is often used in ransomware attacks to get control. The simple discipline of updating your software is probably the most neglected.

5. Least privilege

Every user on your system is assigned privileges that define what they can control, run and amend.

Ransomware attackers take over users’ accounts, and the more privileges a user has, the more damage the attacker can do. So, an approach of giving users the least privilege necessary should be followed.

6. Remote authentication

When working at a non-work location (such as at home), how do you tell business systems who you are, and how do they authenticate that?

Username and password are no longer good enough protection for remote connection. Adding another method of authentication would stop a significant proportion of ransomware attacks.

7. Test and scan externally facing assets

Tests and scans of firewalls, domain addresses, login pages and IP addresses will check for vulnerabilities and gaps in your security defences.

You may not be scanning these, but the criminals are! So make sure you find the open ports and poor configuration before they do.

8. Review access management

This relates to the documents, files and folders that your system allows individuals to access.

There is a generic setting of ‘everyone’ in many systems. This means that everyone connected to the system can get to the documents, you do not even have to be authenticated.

Access to documents should be defined by role.

9. Alerting and incident response

The controls and administration of your IT systems have alerts that warn you something is not right.

An incident response plan is a rehearsed set of steps that ensure businesses respond effectively to a cyber incident.

If you prepare these two things correctly, you will have a chance of stopping a ransom attack in its tracks.

10. Back-up

This is the process by which your business takes a copy of the systems, applications and documents for use in an emergency.

This is rarely configured correctly, which means that scarily few back-ups survive a ransomware attack, with everything ending up encrypted. Get yourself confident that yours would survive.

There is of course more to do, but if you do all of this actions thoroughly, it will dramatically reduce your risk.

If you do not understand any of the above, please contact us.

The Law Society has partnered with Mitigo to offer technical and cyber security services with exclusive discounts for our members.

Find out more about Mitigo’s cybersecurity services.

For more information contact Mitigo on 020 8191 9205 or email lawsociety@mitigogroup.com.

Maximise your Law Society membership with My LS