Reducing the risk of ransomware attacks

The recent and alarming spate of high-profile ransomware attacks against government entities and courthouses in the United States should be a reminder for law firms to maintain vigilance in protecting computer networks and client data.

Kevin Cheung



The cost of failing to protect your network can be crippling. Once it is a victim of ransomware, a firm faces the stark choice of paying a ransom to regain access to its data or rebuilding the computer system and the data in it. Ransom demands can range from hundreds of dollars to hundreds of thousands of dollars. Cities that have refused to pay a ransom have faced costs upwards of $18 million (Baltimore) and $15 million (Atlanta). Paying the ransom likely encourages the bad actor, and payment does not guarantee a release of data back to you.


Being a victim of a ransomware attack can be a devastating business disruption, especially for smaller firms. The impact includes the loss of sensitive information, financial losses, loss of reputation and loss of the time it takes to recover. The detrimental effect can be too much to overcome.  


Taking steps to protect against ransomware attacks is the best way to reduce the risk of one. A lack of an IT department does not mean your firm cannot protect its system. Some simple preventative steps to take include: 


Train staff (including yourself)


The weakest security links are those that rely on staff to follow procedures. One of the most common causes of ransomware attacks is staff innocently opening malicious email attachments. Employees should never open unsolicited links or email attachments. Regular training is important as many people become less diligent without regular reminding.   


Email and web filters


A great way to compensate for a lack of staff diligence is to prevent harmful items from reaching them. Adjust spam settings to prevent phishing emails and executable files from reaching employees.  Likewise, configure firewalls to block access to known harmful IP addresses. A Google search will pull up lists of malicious IP addresses and URLs to block. 


Anti-virus and anti-malware programs


Your computers must have anti-virus and anti-malware software installed and scanning your system regularly. This software should also be scanning incoming and outgoing emails for threats.    


Back up regularly


A backup procedure for data stored on your computers is mandatory. With data backed up, you will eliminate the need to pay a ransom to access and restore data. It is prudent to have backup redundancies, such as backing up offsite and backing up to an offline external drive. 


Update operating system


Your firm must have an updated operating system on all computers. Updates are not there just to make your desktop pretty and enhance the user experience. Updates are issued to protect the system from security threats. 


Strong passwords


The use of excellent passwords cannot be emphasized enough. Multi-factor authentication is a must, and the use of a password generator and manager is encouraged. 


Cybercrime insurance


Given the crippling costs of cybercrime, insuring against it is a growing market. For smaller firms that do not have an IT department and have less sophisticated security measures, cybercrime insurance could help maintain business continuity in the event of an attack.


Many of these suggestions may seem obvious. However, the increasing frequency and boldness of ransomware attacks suggest that businesses are not getting the message to protect themselves. Why make yourself an easy target? Remove the opportunities for an attack by implementing some simple preventative measures.
