Posted by Mike Walker, chief technology officer of Legal Futures Associate Peppermint Technology
On average, 4,000 ransomware attacks occurred per day in 2016, according to a report from the FBI. Diving deeper, ransomware attacks on businesses have become more frequent as well. Between January and September 2016, ransomware attacks on business increased from once every two minutes to once every 40 seconds, according to Kaspersky.
Over the last 12 months, the levels of cyber activity continue to increase month on month, as have the sophistication of attacks, but in just the four days after the WannaCry attack, the volumes of malicious activity increased 400% over the previous month.
To minimise a law firm’s vulnerability and risk of data loss, strategies such as anti-virus, anti-malware, scanning agents, data back-up, data encryption, DDOS and regular security patching must be considered as a combination.
Any ‘weak link’ in operating systems and secure networks presents an increased level of being compromised. Poorly maintained legacy systems are potentially most at risk.
Cyber-attacks can happen if you are in the cloud and/or on premises. The WannaCry attack, which impacted over 100 countries, would have been prevented by a security patch being installed. When an attack occurs, there are various outcomes all of which have an unquantifiable risk to the business.
Below I have laid out some basic, but important, suggestions to help minimise the risk of these types of attacks in the future:
Apply security updates
Ensure that the latest security updates are applied to all IT assets. There are tools that can be used to check successful installation and warn on any unprotected IT assets. The fact they would have stopped the WannaCry attack shows that this is an important and valuable investment.
Renew operating systems on desktops and server systems
Older machines running Windows XP, Windows 8, and Windows Server 2003 are not covered by Microsoft security updates, although Microsoft is taking the highly unusual step of providing a security update to protect these systems for this specific vulnerability. Customers running Windows 10 were not targeted by WannaCry.
Assess your cloud provider
For cloud users, ensure your provider proactively manages cloud security by implementing security updates and monitoring for potential threats 24/7. Some providers have specialist engineering teams that are proactively monitoring to look for unusual activity and where required act to prevent any breach.
For example, Peppermint’s cloud partner, Pulsant, has invested over £500,000 in the last 12 months in enhanced tools, processes, monitoring activities, detection, training and above all expert staff. There is a dedicated security team with deep and multiple skills sets, whom are dedicated to monitoring, assessing, managing and mitigating threats for our customers.
Pulsant operate with the following security accreditations: CSA Star Alliance, Cyber Security Essentials, and Cyber Security Essentials+.
In this team, we have staff who are certified Black Hats, Ethical Hackers, SecDevOps, Metasploit Masters and Adaptive Penetration Testers working actively alongside CESG (Communications-Electronics Security Group, part of the National Cyber Security Centre) and other UK cyber-crime agencies.
Leveraging the extensive experience protects customers from upwards of 2,000+ malicious incidents every month.
Train your staff in IT security basics
I can’t overly stress the importance of basic IT security training. With the increased amount of information consumed by people today, in email and social media, all of which are points of attack. The weakest point in the security loop is typically the human.
We are duped into clicking on links that we deem safe from friends and colleagues. This provides an activation point for hackers to exploit weaknesses in their computer systems. This along with not being up-to-date on security updates provide the hacker the ability to take control and cause havoc.
The nature of the connected world, and dependency on IT, means we all need to take security very seriously.
Consider moving to a fully managed email system
As an example, Peppermint uses advanced firewall services and Office 365 to host our email. This means we benefit from features that are checking for malicious website links. These services are continuously checking for viruses and malware embedded within them to provide additional levels of protection for human-based activation of these threats.
The benefit of using this service or similar is that unusual activity across many organisations’ emails can quickly detect and prevent malware being able to make any impact.
I would suggest ensuring your systems are fully monitored and that these services equally have features enabled to prevent such attacks like Windows Defender SmartScreen and perimeter-based solutions on your firewall to place as many doors as possible to prevent these hackers getting through.
Make regular backups
It is imperative that you have a comprehensive backup plan in place and, more to the point, it is important to audit what is backed up and ensure restore tests are done frequently to ensure they are reliable.
One common mistake is not ensuring all required resources are backed up and ensure people don’t store information on their local machines.
Leverage the benefits of the cloud where possible
Local machines are rarely included in a back-up plan and a device lost to ransomware or other localised attack would be unrecoverable if not backed up.
It is important to inform people to ensure they always use cloud storage and or server-based storage. If the user works offline, then the use of active sync technologies to sync devices when they reconnect to the network is another good practice to ensure these devices are appropriately included in the back-up policy.
In the Peppermint Cloud, we use a fully managed cloud backup solution for our administrative systems and it is tested regularly to ensure we can restore systems. Our cloud solution also has another comprehensive back-up solution with a retention policy for production data to provide class leading back-up managed by Peppermint and Pulsant.
Continue to check and validate your security policies
I can’t stress the importance of continuously validating and checking on the current policies you may have in place on any major event like this.
It is a challenge to keep in front of the knowledge and know about all the issues, upgrades, patches, version controls, amends in security best practise. Often these changes require constant investment in new infrastructure and software to take advantage of the new updates and upgrades and this may not have happened due to time pressure or investment reasons.
Now is a good time to review this position as a priority.
Whilst these eight steps will never completely remove the risk of a cyber-attack, putting these basics in place will certainly minimise the risk and are a valuable safety net.