Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Ten Things Law Firms Can Do to Prevent Being Blown Up by Ransomware

January 25, 2021

On January 24, Security Boulevard had a good post about winning the war against ransomware. Not that there is anything startlingly new here, but it's nice to have the top ten tips in one place.

The nightmare of ransomware happens with blinding speed. Here's how the post described it.

"An employee clicks a link in a phishing email, or a VPN vulnerability is found and exploited, or the attackers have purchased access into your environment, and they get an initial compromise. They employ pen-testing type techniques to explore the environment. They delete your online backups and exfiltrate all your data. Then they push out a ransomware binary, using your own infrastructure against you to deploy it everywhere. Suddenly, employees are looking at a message telling them all their data has been encrypted and a ransom must be paid to get it back."

So, what you can do?

Get a good cyber insurance policy.
Maintain, test, and secure backups so they can't be deleted or encrypted.
Control or disable network services. Stop using Remote Desktop Protocol!
Use an endpoint detection and response solution, which monitors for behavior indicating malicious software or an attacker.
Install patches promptly.
Train and test employees on phishing and other dangerous user behaviors on a regular basis. Have a process for employees to report suspected phishing emails to IT.
Restrict privileged access and deploy a privileged access management solution.
Build decisions about ransomware attacks into your incident response plan.
If you get hit with ransomware, retain a law firm with cybersecurity expertise. The firm will help you retain other experts.
Decide whether you will reimage or fix in place.

The post expands on all of these topics so read the whole thing!

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Ten Things Law Firms Can Do to Prevent Being Blown Up by Ransomware

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer