Cybercriminals tend to target industries that are the most dependent on the timely availability and strict confidentiality of their business-critical information. This means law firms are at high risk, since they are often moving data to cloud-based case management, record searching, research and communication platforms. With both on-site and cloud-based data storage, it’s increasingly important to protect clients’ sensitive case information against these threats.
In the past year, cyberattacks were reported on several major law firms, not to mention the widely reported Panama Papers leak from Mossack Fonseca. Critical information — such as client trade secrets, corporate data and confidential information about deals, cases and transactions — is being actively targeted by hackers.
In addition to targeting businesses that are the most dependent on their critical information’s timely availability and strict confidentiality, cybercriminals target organizations they suspect won’t have sufficient detection or prevention technologies, recent backups of their data, or adequate disaster recovery solutions in place. In the case of small law firms and solo practitioners, hackers know these organizations might lack IT professionals entirely or have only a small department to fight against breaches or ransoms. For these reasons, smaller firms may be more apt to pay intruders when a ransomware attack happens. But, as with any ransom situation, the payments fund and encourage continued growth in cybercrime.
What Law Firms Could Be Doing Better
While there is no iron-clad safeguard against malicious software, implementing an effective business continuity and disaster recovery plan can give law firms confidence in continuous protection of critical data from cyberattacks. Law firms may have more options than they realize to ensure full protection of critical data. The best way to protect a law firm is to have both backup-based and replication-based disaster recovery.
Backups: Law firms can use a backup solution to combat an attack by periodically making copies of files. Choose a solution in which your copies of data are stored offline in a separate physical location, so the information will not be impacted during an online attack. While this is an effective solution, realize it may increase the time to restore access to information, as these copies will need to be retrieved when an incident occurs. It has the added advantage of recording the disposition and custody of information. You may, however, suffer some incremental data loss in the event of an attack, since backups will not likely be performed frequently enough to account for all recent changes.
Replication: This option replicates your critical data to an off-site location. You can choose to perform the replication in timed increments or in real time as changes to data occur. This is the best option if system recovery must happen within minutes, or potentially hours, after an attack. With replication, in the case of a cyberattack, you’ll be able to access your ongoing case or transaction information quickly because it will be stored in a readily accessible location. However, if an attack is not caught early enough and the replication process is not stopped immediately, it could end up sending corrupted or compromised data to your off-site location, affecting everything there, too.
This pairing enables full coverage, with offline copies stored in a physical location and more recent copies in the cloud for faster recovery. Since both options have independent residual risks, a combination protects important client information without compromising the availability of your practice. A customized solution from a disaster recovery-as-a-service (DRaaS) provider can even meet the needs of hybrid architecture and allow multiple levels of data recovery.
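The trade-off described above can be made concrete with a small simulation. The following is an added example, not code from the original article or from Bluelock: a primary data store receives one new record per tick, an offline backup takes a checksummed snapshot every few ticks, and a replica mirrors the primary every tick. At a chosen tick the primary is "encrypted" (modelled here as a byte-level XOR that destroys the record format), and at another tick replication is paused. The recovery decision then picks the replica when it verifies clean, and otherwise falls back to the newest verified offline copy, accepting the incremental loss. All records, the tick schedule and the corruption model are constructed for illustration.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Constructed record format: each record is "entryNN;" so a restore candidate can be verified.
RECORD = re.compile(rb"^(entry\d{2};)*$")


def is_intact(data: bytes) -> bool:
    """Verification step: a copy is usable only if every record still parses."""
    return RECORD.fullmatch(data) is not None


def corrupt(data: bytes) -> bytes:
    """Stand-in for ransomware encryption (constructed): keyed XOR that breaks every record."""
    return bytes(b ^ 0xA5 for b in data)


@dataclass
class OfflineBackup:
    """Periodic point-in-time copies, each stored with a SHA-256 digest for later verification."""
    interval: int
    snapshots: dict = field(default_factory=dict)  # tick -> (data, digest)

    def maybe_snapshot(self, tick: int, data: bytes) -> None:
        if tick % self.interval == 0:
            self.snapshots[tick] = (data, hashlib.sha256(data).hexdigest())

    def latest_clean(self):
        """Newest snapshot whose digest matches and whose records parse, or None."""
        for tick in sorted(self.snapshots, reverse=True):
            data, digest = self.snapshots[tick]
            if hashlib.sha256(data).hexdigest() == digest and is_intact(data):
                return tick, data
        return None


@dataclass
class Replica:
    """Continuous replication target: mirrors the primary each tick until paused."""
    data: bytes = b""
    paused: bool = False

    def sync(self, data: bytes) -> None:
        if not self.paused:
            self.data = data


def simulate(total_ticks=12, attack_tick=7, detect_tick=9, backup_interval=4) -> dict:
    """Run the scenario and return which copy is restorable and how many records are lost.

    The primary gains one record per tick until attack_tick, when it is encrypted.
    Replication is paused at detect_tick (before that tick's sync), so detect_tick
    later than attack_tick means the corruption has already been replicated.
    """
    primary = b""
    backup = OfflineBackup(backup_interval)
    replica = Replica()
    for tick in range(1, total_ticks + 1):
        if tick < attack_tick:
            primary += b"entry%02d;" % tick
        elif tick == attack_tick:
            primary = corrupt(primary)
        if tick == detect_tick:
            replica.paused = True
        backup.maybe_snapshot(tick, primary)
        replica.sync(primary)

    last_good = attack_tick - 1  # records that existed just before encryption
    replica_ok = is_intact(replica.data)
    latest = backup.latest_clean()
    result = {
        "replica_usable": replica_ok,
        "replica_records": replica.data.count(b";") if replica_ok else 0,
        "backup_tick": latest[0] if latest else None,
        "backup_records": latest[1].count(b";") if latest else 0,
    }
    # Recovery decision: a clean replica is the most recent state; otherwise the newest
    # verified offline copy wins, at the cost of the records written since it was taken.
    if replica_ok:
        result["restore_from"] = "replica"
        result["records_lost"] = last_good - result["replica_records"]
    elif latest:
        result["restore_from"] = "backup"
        result["records_lost"] = last_good - result["backup_records"]
    else:
        result["restore_from"] = None
        result["records_lost"] = last_good
    return result


if __name__ == "__main__":
    print(simulate())                 # detected late: restore from backup, lose 2 records
    print(simulate(detect_tick=7))    # detected at once: replica is clean, lose nothing
    print(simulate(backup_interval=20))  # no backup yet and replica poisoned: total loss
```

The three calls at the bottom show the independent residual risks the article describes: with late detection the replica is poisoned and the offline backup is the only usable copy, costing the records written since the last snapshot; with immediate detection the replica preserves everything; with neither an unpoisoned replica nor a verified snapshot, nothing is recoverable. Running the simulation with your own backup interval and a realistic detection delay is a cheap stand-in for the testing and verification step before committing to a schedule.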
Legal data stewards are responsible for performing due diligence in the form of planning, budgeting, executing, testing and verifying backup and recovery services to protect against cybersecurity threats. The testing and verification are critical. By implementing an effective disaster recovery plan, small practices and individual practitioners can count on continuous protection of sensitive data from cyberattacks, because in legal work especially, time is quite literally money.
Derek Brost, Director of Engineering at Bluelock, is a certified Information Systems Security Professional (CISSP) with a 20-year background in IS/IT operations.