Managing the risk of ransomware in law firms

A recent study claims that one in two South African law firms have had at least one ransomware attack in the past two years.  And if you have had a ransomware attack, you will know just how much it cost you to recover from it.  But how do you protect your systems from ransomware?

Norton Anti-Virus offers this advice:

“Most of the ransomware attacks that have taken place in the past have been linked to poor protection practices by employees. 

There are a few dos and don’ts when it comes to ransomware.

  1. Do not pay the ransom. It only encourages and funds these attackers. Even if the ransom is paid, there is no guarantee that you will be able to regain access to your files.
  2. Restore any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.
  3. Do not provide personal information when answering an email, unsolicited phone call, text message or instant message. Phishers will try to trick employees into installing malware, or gain intelligence for attacks by claiming to be from IT. Be sure to contact your IT department if you or your co-workers receive suspicious calls.
  4. Use reputable antivirus software and a firewall. Maintaining a strong firewall and keeping your security software up to date are critical. It’s important to use antivirus software from a reputable company because of all the fake software out there.
  5. Do employ content scanning and filtering on your mail servers. Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat.
  6. Do make sure that all systems and software are up-to-date with relevant patches. Exploit kits hosted on compromised websites are commonly used to spread malware. Regular patching of vulnerable software is necessary to help prevent infection.
  7. If traveling, alert your IT department beforehand, especially if you’re going to be using public wireless Internet. Make sure you use a trustworthy Virtual Private Network (VPN) when accessing public Wi-Fi like Norton WiFi Privacy.”

While this is all great advice, in practice it is extremely difficult for small to mid-sized firms to protect themselves.  Even if they have great AV and firewall protection, often all it takes is for an employee to open a malicious email, lured by a promised SARS refund or any number of other false claims by criminals.  And it doesn’t help that many users have “password” as their password!

If you are confused by all the talk of firewalls, anti-virus, VPNs and the like, don’t worry – you’re not alone.  That’s why most small to mid-sized law firms in South Africa contract this stuff out to third-party IT companies, usually at significant cost. (Especially if you get hit by ransomware!)

That’s why AJS Legal Accounting and Practice Management software has introduced its new ransomware-resistant hosting service – for peace of mind.  In the past, law firms didn’t trust hosting, but nowadays it is far more secure than having a server installed in the firm’s offices.  In fact, industry experts are forecasting that by the end of 2020 over seventy percent of firms will host some (or all) of their systems remotely.

There are a number of reasons why hosting is becoming mainstream:

  1. Hosted servers cannot be stolen. Data centres are extremely secure.
  2. Hosted servers don’t need expensive IT resources to maintain them.
  3. Hosting allows firms to budget for a fixed monthly rental.
  4. AJS hosted servers are ransomware resistant.
  5. Backups are performed daily, weekly, monthly and yearly.
  6. Hosted servers typically have an uptime of more than 99%.
  7. Users can access their information from anywhere.
  8. Hosted servers provide a complete disaster recovery solution.

Even if you have the latest firewalls and anti-virus software, it is likely that your firm will be hit by ransomware at some stage in the future.  That’s why a hosted accounting server makes such sense.

For more information email sales@ajs.co.za or call us on 0861 265 376.
