October is National Cyber Security Awareness Month and OBLIC is participating by providing a bonus series of alerts to raise awareness of specific cyber threats facing law firms with recommended practices to help protect you and your firm.
Week #1—Yes, it Could Happen to You
Lawyers who ignore cyber security advice often believe their practice is too small to be targeted by cyber criminals or assume that their firm already has it covered. These assumptions put lawyers in both camps at risk of a cyber-attack.
“My practice is too small to be a target.” Most cyber criminals don’t target victims based on the quantity or value of the data to be held for ransom (with some exceptions). The business of cyber-crime is becoming increasingly sophisticated. Software can now scan computer systems to identify those with security weaknesses that can be exploited. This data is often mined by one criminal enterprise and sold to another. The purchaser can then use the data to install ransomware on many systems with the same security weakness. Law firms can become a target of this kind of broad-based attack by ignoring cyber security advice, regardless of the quantity or value of the data stored.
“My firm probably has it covered.” Statistically, law firms appear to be relatively ineffective at protecting themselves against cyber-attacks. The professional services industry suffered more ransomware attacks in the first quarter of 2021 than any other industry. Businesses with 10 to 100 employees were also harder hit than businesses of any other size.
So, what do you do about it?
(1) Educate yourself. Pay attention to cyber security alerts. Take advantage of the following educational resources:
- OBLIC’s Cyber Toolbox provides resources and training information exclusively to OBLIC policyholders on our website.
- Websites for the Cybersecurity & Infrastructure Security Agency (CISA) and Federal Bureau of Investigation also provide guidance for protecting against cyber-crime.
- You can use CISA’s Ransomware Guide in consultation with your IT professionals to ensure that appropriate protections are in place to avoid a cyber-attack.
(2) Educate your staff. Cyber security measures are only effective if they are properly implemented by all employees. Next week we will discuss best practices to avoid any weak links.
(3) Implement cyber security advice in a timely manner. Don’t wait for a cyber-attack. Work with your IT professionals or use the resources provided above to avoid being a target of cyber-crime and to plan in case of an attack. In Week #3 we will give you our recommendations for developing a solid incident response plan.
(4) Make sure that you are covered. Identify your resources in case of an attack. Familiarize yourself with agencies tasked with combating cyber-crime that may be able to help. Make sure that you understand the insurance coverage available. We will close out the month with a discussion about these resources.
If you have any questions or need help navigating these resources, give us a call. We are happy to help.
Gretchen Mote, Esq.
Director of Loss Prevention
Monica Waller, Esq.
Senior Loss Prevention Counsel