Cybersecurity Best Practices: My Law Firm Is Under a Cyberattack! Now What?
Law firm cyberattacks have increased drastically during the last few years. According to the American Bar Association’s 2017 Survey, 22 percent of respondents reported their firm had undergone a breach at some point, which was an increase over the previous year’s 14 percent. The trend has been increasing as hackers understand that law firms hold invaluable client data that is neatly packaged, unlike the voluminous amount of information on the clients’ own networks.
Not to dedicate too much time on the issue of the horse escaping from the barn already, but firms should have a cyberattack response plan in place before an attack. This plan should include having a disaster response team in place that includes staff not only from IT but also HR, PR, and management. Also, it is critical that backup systems are in place that completes backups every day. Finally, it’s a good idea to take out cyber insurance.
Steps to Take After a Cyberattack
1. Don’t Panic
You need to be able to think clearly and logically so that you can be proactive.
2. Secure Your Systems
AmTrust Financial suggests you immediately take the following steps:
Disconnect your internet
Disable remote access
Maintain your firewall settings
Install any pending security updates or patches
If you’ve been one of several organizations that have been breached, then follow the protocol from trusted sources on the situation. If your law firm is the only victim of a law firm cyberattack, AmTrust Financial suggests you ask yourself the following questions:
Who has access to the servers that were infected?
Which network connections were active when the breach occurred?
How was the attack initiated?
3. Do Not Shut Down Your Systems
First, if you shut down your systems, the hackers will be alerted that you have discovered the law firm cyberattack, preventing the law firm from being able to identify the hackers and being able to analyze the cyberattack. Instead, set up a VLAN or install a firewall around the compromised machine.
4. Isolate the Breach
Paranet suggests that one of the first things you do after a law firm cyberattack is to isolate the breach. This means finding out exactly where the breach occurred so that the component can be contained immediately.
The team should gather as much information as possible about the breach. According to Paranet, this means gathering information about “the effects, the source and any actions that still need to be taken to fix the damage from the attack.”
6. Set Your Backups in Place
Switch to your backup systems. This will allow you to keep the network up if the backups haven’t been damaged. To be clear, do not shut down your entire system, even though this may be the first thing you feel like you should do.
7. Notify the Clients and the Authorities
Notifying the authorities that you have been the victim of a law firm cyberattack will help you and your clients, who need to act immediately on their own behalf. It will also help your reputation with transparency issues.
8. Handle the Repercussions
Notify cyber liability insurance carrier to help with associated costs of a law firm cyberattack, such as the costs of consultants, new equipment, marketing, and other associated expenses.
Notify staff and attorneys. Also, go over protocols concerning data breaches, both for before breaches and after breaches.
It’s been said that a law firm cyberattack will occur “when, not if.” As this is the case, it is best to be prepared before the actual attack. It is critical that your law firm has developed a cyberattack response plan and that firm revisits the plan frequently.
To be frank, nothing will make a law firm cyberattack a good thing, no matter how much preparation the law firm has taken. But having the cyberattack response plan in place will certainly mitigate the damages as well as present learning experiences.
Take Action Today
Protect your law firm and take action today before any of the above occurs.