Saturday, 13 May 2017

Ransomware: Lessons for Conveyancers

The recent cyber attack on the NHS is a stark warning to a conveyancing industry targeted and vulnerable to cyber crime.

Imagine the scenario..It’s 7 p.m. on a Friday. You are about to finish a report on title due the next day when a message pops up on your laptop. It informs you that a third party has gained control of your system and encrypted all your files. To unencrypt your files, you must pay a ransom.

All your files on your computer system are now unreadable. Thanks to this ransomware attack, your firm has basically been shut down while your system is held hostage. Have you completions been compromised? Did clients expecting their balances receive them? How is everyone in the firm going to to work on Monday? Did you open a file that you should not have. A hundred questions and scenarios are going through your mind.

The most common ways for the software to be installed on a law firm’s systems is through phishing emails, malicious adverts on websites, and questionable apps and programs. After the ransomware is downloaded, generally only a unique “key” can decrypt the firm’s files.

Ransom amounts differ, but the price — depending on the hacker behind the scheme — is usually about £500. Larger firms may face significantly higher ransoms. The hackers normally demand payment in bitcoins, a digital form of currency that is difficult to track.

Lawyers should always exercise caution when opening unsolicited emails or visiting websites they are unfamiliar with. Never download an app that hasn't been verified by an official store, and read reviews before installing programs. Most ransomware programs are extremely difficult to combat. Nevertheless, there are certain steps one can take to work around a virus, rather than simply acceding to the hackers demands.

One way is to recover files. Lexsure has been offering conveyancing firms backup solutions as one of its suite of risk management tools since 2010. The easiest way to fix a virus is to clean it off the infected properties and restore the information from backup systems. That is why you should frequently back up your files and use a service that provides redundant backup facilities. There are of course regulatory compliance requirements in relation to protecting and backing up client data.

When a firm has the option of paying hackers a lot of money or losing a couple of minutes of work and restoring from files that have been backed up, the choice becomes obvious. If you are not completely satisfied with your backup system and provider, now is a good time to conduct a review and make any necessary changes.

This is also a good time for conveyancing firms to considering the use file-accessing auditing to open their files. This functionality, which is built into Microsoft Windows and available through most secure, cloud-based solutions, tracks each time a user opens a file or folder. By monitoring the logging activity, the firm’s IT professionals can identify patterns or instances of unauthorized access. Through file-accessing auditing, you can launch a course of action such as stopping the server or removing file share creating the opportunity to halt the attack.

Conveyancing firms law firms have been hearing for years that they could be the victims of a cyberattack, the danger has never been clearer.

The SRA report on Information Security includes the latest information on what law firms can do to keep cyber-secure. We have also published tailored information for small firms, a guide to common scams, up to date scam alerts, and case studies.

No comments:

Post a Comment