You log in to work one day and discover your firm’s most critical files are inaccessible – they’ve been taken hostage. Cybercriminals have infiltrated your network and if you don’t pay up, they’ll either destroy the files or release them on the dark web.
Ransomware is a very real threat to Canadian law firms of all sizes and areas of practice. According to the Canadian Centre for Cyber Security, in the first six months of 2021, two thirds of Canadian victims were small and medium-sized organizations. Law firms are attractive targets because of the sensitivity of their data, which means they are higher value for extortion.
How Ransomware Works
Very likely you’re already familiar with the concept of ransomware and the devastating impact it can have on a law practice and its clients.
Typically picked up when a firm member clicks a malicious link or downloads an attachment in a phishing email, ransomware spreads through the files on their device in a matter of seconds, making its way through the network to locate sensitive or business-critical information.
Once its target is reached, the cybercriminal locks everything down and demands a ransom. The average ransomware payment in 2021 was more than $200,000 CAD. Adding the cost of downtime and system and data recovery on top of this, it increases significantly to an average $2.3M CAD.
Cybercriminals target small and mid-sized organizations for two primary reasons: they tend to have weaker security, and they can provide access to more lucrative targets – their clients. Sophisticated ransomware operations will sometimes attack companies’ third-party vendors as a means to gain access to their primary target.
Firms with clients in financial, insurance and government sectors are finding themselves subject to third-party security audits where their IT infrastructure, security policies and even staff training are assessed. This can be a months-long process and if your organization’s cyber security isn’t up to their standards, you could lose out on their business.
Protect Your Firm and Clients
Law firms with remote or hybrid workforces are at higher risk for cyberattacks, which is why attacks have increased since the onset of the pandemic. IT management becomes more complex when workers and devices are distributed, increasing risk.
Secure endpoint security is critical for preventing the initial breech. Remote and in-office device security, best practice management and employee cyber security training are essential for protecting your front line.
However, you can’t rely on endpoint security alone.
Detection and Containment
If an employee’s device becomes compromised, your organization requires immediate containment to mitigate further damage.
Ransomware is insidious, entering your network stealthily and taking its time, learning your systems, searching through files and even monitoring employee communications. Like a sophisticated bank heist, cybercriminals take the time to gather information to ensure a swift and effective blow. In fact, a 2020 IBM study shows that the average time for an organization to even detect a breach is 207 days! Immediate ransomware detection and containment is critical.
Firms need automated software that detects ransomware encryption and stops it in its tracks - even when the malware has bypassed all endpoint protection and other security tools. This type of software is a vital element of your overall defence strategy, providing critical protection for a small portion of your security budget.
Ransomware is scary stuff, however, the good news is that technology is continually evolving to provide enterprise-level security at scale for law firms of all sizes. Ricoh Canada provides a wide range of cybersecurity solutions and services, including automated Ransomware detection and containment, so you can rest easy and focus on serving your clients.