Practice Resilience

Protecting Your System

Every business, including law firms, is a target for ransomware, phishing and other threats. A successful attack is costly financially, and with mandatory data breach reporting now in force, your firm's reputation could be damaged beyond repair.

To minimise the risk of falling victim to ransomware or any other cyberattack, do the following:

Understand that every firm, whether you are a solo practitioner or part of a large law firm, is a target for ransomware and other attacks. No firm or bank account is exempt.

Attackers probe multiple entry points into your firm. The most common way they gain access to your firm and its data is through your email system. Other entry points are your website, any applications you expose on the web, and staff computers and phones. Pay attention to all of these areas. Putting a firewall behind your internet connection is no longer enough on its own.

Ensure that cloud applications such as Office 365 or your practice management software are actively managed and monitored so that there are no gaps in their configuration.

Educate your staff on what is expected of them and have clear procedures in place for how you handle your data and confidential information. Threats like phishing, typo-squatting and social engineering are always evolving. The Australian Signals Directorate (formerly the Defence Signals Directorate) publishes a set of mitigation strategies that will mitigate up to 85% of attacks. A copy is available for download.

All laptops and phones should be covered by your security policy. Once those devices leave the office they are outside the firm's physical control and beyond the protection of the firm's network.

Many successful attacks exploit known vulnerabilities for which vendors have already issued updates and patches. Keep your systems and applications updated. This is a major advantage of cloud applications: the vendor keeps them up to date automatically, although the devices and browsers your staff use to reach them still need patching. Never use obsolete software that no longer receives security updates.

Install an email scanning solution to strip malicious attachments and links before anyone can click on them. Your applications (both local and cloud based) should be scanned regularly for vulnerabilities, and any found should be patched.

Install a threat protection system. Several vendors, including Microsoft, provide these; they aggregate telemetry from tens of thousands of organisations to detect threat outbreaks in real time and proactively block those threats before they take hold in your firm.

A solid, reliable backup system is mandatory. In the event of a successful attack your firm can be back up and running in a matter of minutes or hours without paying thousands of dollars in ransom to criminals. Keep at least one copy of the backup offline or otherwise isolated from your network, because ransomware routinely targets backups first, and test a restore regularly so you know the backup actually works.

Keep your security controls simple so that they are easy to manage. Controls that are too hard to maintain tend to be ignored, and neglected controls leave gaps that lead to a successful cyberattack.

The following is a summary checklist when implementing cybersecurity for your firm:

    • appoint a manager who is responsible for its implementation and enforcement;
    • classify the data in your firm according to its value and sensitivity;
    • ensure your data is encrypted, both where it is stored and when it is transmitted;
    • use strong, unique passwords;
    • use multi-factor authentication for access to your systems;
    • control how devices brought into the firm by staff and visitors are used;
    • keep a register of all people and devices that can access your network;
    • audit all third-party vendors that have access to your network;
    • have a working, tested backup of your data;
    • make sure the office and your devices are physically secure;
    • provide regular education sessions for your staff on cybersecurity;
    • audit and test your cybersecurity practices on a regular basis; and
    • have a response plan prepared in the event of a data breach.