March 14, 2017

Cetrom in @Law Magazine: How Your Data is at Risk

This article originally appeared in the Spring 2017 issue of @Law Magazine. By Christopher Stark, President and CEO, Cetrom on March 7, 2017.

Ransomware, a type of malicious software that encrypts files, blocks access to computer systems and then demands an anonymous payment to restore access, can have a dramatic and devastating impact on any type of business and its clients. TechTarget states ransomware is an absolute pandemic and BBC News reports that more than 120 types or “families” of ransomware currently exist. While there have been a number of attacks on large banks and corporations that presumably have heavily fortified systems, hackers are also using ransomware to target smaller businesses, such as law firms.

Law firms are unfortunately targeted due to their sensitive, confidential data, such as contract negotiations, trade secrets, mergers and acquisitions, financial data, divorce details, personal injuries and more. Digital intruders know that having access to this confidential information is troubling to clients, making law firms more likely to pay to get their data back safely. In doing so, this process can cost law firms a great deal of money and will undeniably ruin even the best reputation.

While some law firms may feel they are unaffected by this cybersecurity epidemic, it only takes one click of a mouse to quickly become infected with ransomware. Oftentimes, it occurs when staff open attachments within fraudulent emails. These emails may appear to contain important client data or a shipping confirmation, but the attachment is just disguised malware, which can infiltrate their computer and any computer on the same network. Microsoft Malware Protection Center notes your firm’s infrastructure can also become exposed to ransomware when employees access fake or suspicious websites.

Keeping your data and applications safe and secure from ransomware attacks, while increasing your clients’ awareness of malicious software, requires collaboration with your internal IT department and/or managed IT provider. Here are five things you can do to better protect your firm and clients:

1. Perform a Security Audit
As stated earlier, law firms store and access personal and confidential information on a daily basis. It is crucial that firms make certain this data is kept safe and unharmed at all times. In doing so, your firm should perform a security audit: the process of testing and identifying vulnerabilities in your organization’s IT infrastructure in order to ensure that your company assets are fully protected.

Partnering with a third-party security firm to conduct a Vulnerability Assessment or Penetration Test at least once each year can help your firm establish a security breach response plan to:
• Comply promptly with legal requirements.
• Reduce the risk of a data security breach that causes serious harm to the firm’s reputation and finances.
• React quickly to security breaches and not give the appearance of an inadequate response.
• Ultimately close any security gaps that make an organization vulnerable to ransomware.
Additionally, the planning process should allow law firms to identify:
• All of the personally identifiable information (PII) and sensitive data.
• All organizational compliance requirements.
• Procedures for analyzing and containing a potential data security breach.

Once you’ve developed disaster recovery and business continuity plans, they should be reviewed and tested each time the IT environment changes. In the event of a ransomware attack, these plans are invaluable. IT Business Edge notes that disaster recovery plans can help your firm get systems back up and running after a cybersecurity attack and that business continuity plans enable staff to remain productive while cybersecurity issues are being resolved.

2. Use Back-up Protection
When ransomware infects an organization’s IT infrastructure, it can restrict access to critical information stored within the computer system. Because of this, it is important for your law firm to be proactive in updating security measures. Your firm’s data back-up procedure is a key security measure that should be top of mind. Not only does having duplicate copies of your most important information saved in a remote location keep it safe from ransomware, but it also prevents loss of information during computer crashes and hard drive failure. To prevent any type of loss and avoid wasting precious time and money attempting to recover data, get into the habit of backing up files and documents on a daily basis. TechAdvisory.org advises small to mid-size businesses that work with critical client information to perform daily backups.

Once you have established data backup procedures, you should also consider where your data backups are being stored when revamping security measures. Many organizations store their backups on on-site servers within their IT infrastructure, making their data vulnerable to attacks. To ensure your data backups will not be infected by malware, you should store data backups on servers at a secure off-site storage facility or data center. This will allow your organization to restore its IT infrastructure from the most recent backup in the event of a ransomware attack.

The right cloud service provider will provide guidance on cybersecurity measures and updates on looming security threats while assisting with the data backup and recovery processes to fill the gap in areas where you feel your organization’s security practices are lacking. As a result of partnering with a cloud service provider, your organization will have an added level of protection to counter ransomware threats.

3. Increase Levels of Security
Hackers tend to focus on systems that are easy to access. So the more levels of security you have, the more likely they will move on to avoid wasting time and effort.

It’s important to secure all of your systems, not just your hardware. By implementing network-wide security solutions, such as anti-virus, web filtering, firewalls and password protection, your hardware and employee devices will have the same level of security. Data should never be protected by a single password, no matter how creative or complex that single password may be. Digital intruders have the intelligence to hack into systems, track keystrokes and uncover patterns to consequently gain access to data. When a hacker has full access to private data, including emails, social media accounts, or personal and financial details, your firm is at risk to fall victim to fraudulent acts, which can result in a ruined reputation and create costly lawsuits.

With this in mind, law firms should consider implementing Two-Factor Authentication, also commonly referred to as 2FA. Two-Factor Authentication requires two of the following three mechanisms:
1. A unique username, password, number combination and/or security question that only the user knows
2. A possession the user has (a smartphone, computer or tablet)
3. Inherence (a fingerprint, retina scan or face recognition)

For example, Google is now requiring its users to enter a password when logging into an account. Following the data entry, a code will be sent to a user’s phone via text, voice call or the Google mobile app. The user must type in this code to gain access to his/her account. Google users even have the option not to use Two-Factor Authentication again on that particular computer to save time in the future. Users can still be assured of future safety because when anyone else tries to sign in from another computer, Two-Factor Authentication will once again be required. This technology can be implemented to better protect not only your data, but your clients’ data from cyber threats.

4. Monitor Activity

Law firms tend to fall victim to ransomware attacks because of their lack of monitoring on-going activity. By simply using a tool to monitor network activity, firms can gain visibility into existing weak entry points that have caused past breaches and use that information to avoid possible future breaches. Law firms can track activity by creating a log of past security “events” and input the data into a security information and event management (SIEM) system. This system will give you a holistic view of your entire organization’s security. By using both preventive and predictive safety practices, you should be able to ensure that your valuable data is safe and secure.

5. Educate Staff and Clients

Avoiding ransomware is not possible without an educated staff and clientele. Anyone who has access to network files and data, has individualized passwords to log into business applications, or uses any type of device to get to the cloud needs to understand how to identify potential threats.

As mentioned earlier, emails containing suspicious attachments and fake websites can lead to your firm becoming infected with ransomware. To minimize the likelihood of your staff opening these types of emails or websites, collaborate with your internal IT department to develop and implement cybersecurity training courses. Cybersecurity training courses will help educate your staff on the different types of ransomware threats.

Firms should consider disallowing files with certain extensions in mail attachments that are unnecessary to your business and ensuring that the programs which are allowed to open attachments are up to date. Having out-of-date programs leaves too much room for error when dealing with cybersecurity threats. Administrative personnel should take initiative by only permitting approved programs to be opened and only allowing users to modify files needed to do their work. Files staff have no reason to modify should be restricted to ‘read only’ access for them.
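
The attachment-extension restriction described above, sketched as an added example (not from the original article or from Cetrom): it parses a message with Python's standard `email` library and rejects attachments whose final extension is on a blocklist, including disguised names such as `confirmation.pdf.exe`. The blocklist contents, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed policy for illustration: extensions the firm has no need to receive.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat"}


def check_filename(name):
    """Return a reason string if the attachment name is rejected, else None."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as a.exe.
    clean = name.rstrip(". ")
    suffixes = [s.lower() for s in PurePosixPath(clean).suffixes]
    if not suffixes or suffixes[-1] not in BLOCKED_EXTENSIONS:
        return None
    reason = f"blocked extension {suffixes[-1]}"
    if len(suffixes) > 1:
        # e.g. "confirmation.pdf.exe" shows as a PDF when extensions are hidden
        reason += f" disguised behind {suffixes[-2]}"
    return reason


def blocked_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) for every attachment the policy rejects."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reason = check_filename(name)
        if reason:
            findings.append((name, reason))
    return findings


def build_sample() -> bytes:
    """Constructed sample message; subject and file names are made up."""
    msg = EmailMessage()
    msg["Subject"] = "Shipping confirmation"
    msg.set_content("Your shipment details are attached.")
    for name in ("shipping_confirmation.pdf.exe", "Invoice.JS", "contract.docx"):
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, why in blocked_attachments(build_sample()):
        print(f"REJECT {filename}: {why}")
```

A filename check like this only enforces the extension policy; it does not inspect file contents, so it complements rather than replaces keeping the programs that open attachments up to date.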

Losing laptops, tablets and smartphones can also result in a security breach. Oftentimes, this carelessness can be an open invitation for cyber villains that are looking to compromise data. Make sure your staff is cognizant of where their laptops and mobile devices are at all times.

In addition, your organization can conduct research using websites like ID Ransomware, and follow IT-related current events in order to alert your staff to the different variations of ransomware that are striking companies across industries. Once your employees become well-versed on threats and how to avoid them, then they can pass along their knowledge to your clients as advisory services.

Examining your IT infrastructure, updating security measures, and educating staff and clients will help you protect not only your organization, but your client base.

While keeping up with cybersecurity threats in an IT industry driven by constant innovation can be challenging, relying on your IT department and providing them with the resources they need to stay informed will enable them to keep you up and running at all times. And if they appear to be falling behind, don’t be afraid to seek outside help. A cloud service provider with extensive experience and knowledge can help beef up your security practices.

Besides providing the best legal services to your clients, your firm’s top priority must be keeping your IT infrastructure and your clients’ data safe from any cybersecurity threats, including ransomware. Ransomware isn’t going away any time soon; if anything, these types of malware will continue to become more dangerous, so consider taking these steps now.
