Last updated on November 27, 2017
On average, 4,000 ransomware attacks occurred per day in 2016, according to a report from the FBI. Diving deeper, ransomware attacks on businesses have become more frequent as well. Between January and September 2016, ransomware attacks on business increased from once every two minutes to once every 40 seconds according to Kaspersky.
Over the last 12 months the levels of cyber activity continue to increase month on month, as have the sophistication of attacks, but in the last 4 days alone the volumes of malicious activity have increased 400% over the previous month.
To minimise a law firm’s vulnerability and risk of data loss, strategies such as Anti-Virus, Anti-Malware, scanning agents, Data backup, Data encryption, DDOS and regular security patching must be considered as a combination. Any ‘weak link’ in operating systems and secure networks presents an increased level of being compromised. Poorly maintained legacy systems are potentially most at risk.
Cyber-attacks can happen if you are in the cloud and/or on premise. The recent cyber-attack, which currently impacted over 100 countries, would have been prevented by a security patch being installed. When an attack occurs, there are various outcomes all of which have an unquantifiable risk to the business.
Below I have laid out some basic, but important, suggestions to help minimise the risk of these types of attacks in the future:
Apply security updates
Ensure that the latest security updates are applied to all IT Assets. There are tools that can be used to check successful installation and warn on any unprotected IT Assets. The current cyber-attack could have been avoided if the security updates had been applied this is an important and valuable investment.
Renew operating systems on desktops and server systems
Older machines running Windows XP, Windows 8, and Windows Server 2003 are not covered by Microsoft security updates, although Microsoft are taking the highly unusual step of providing a security update to protect these systems for this specific vulnerability. Customers running Windows 10 were not targeted by the recent cyber-attacks on Friday.
Assess your cloud provider
For cloud users, ensure your provider proactively manages cloud security by implementing security updates and monitoring for potential threats 24/7. Some providers have specialist engineering teams that are proactively monitoring to look for unusual activity and where required act to prevent any breach. For example, Peppermint’s cloud partner, Pulsant, has invested over £500,000 in the last 12 months in enhanced tools, processes, monitoring activities, detection, training and above all expert staff. There is a dedicated security team with deep and multiple skills sets, whom are dedicated to monitoring, assessing, managing and mitigating threats for our customers.
Pulsant operate with the following security accreditations
CSA Star Alliance
Cyber Security Essentials
Cyber Security Essentials+
In this team, we have staff who are certified Black Hats, Ethical Hackers, SecDevOps, Metasploit Masters and Adaptive Penetration Testers working actively alongside CESG and other members of the UK Cyber Crime agencies. Leveraging the extensive experience our teams both have in protecting customers from upwards of 2,000+ malicious incidents every month.
Train your staff in IT security basics
I can’t overly stress the importance of basic IT Security training. With the increased amount of information consumed by people today, in Email and Social media, all of which are points of attack. The weakest point in the security loop is typically the human.
We are duped into clicking on links that we deem safe from friends and colleagues. This provides an activation point for hackers to exploit weaknesses in their computer systems. This along with not being up to date on security updates provide the hacker the ability to take control and cause havoc like we have just seen last week. The nature of the connected world, and dependency on IT, means we all need to take security very seriously.
Consider moving to a fully managed email system
As an example, Peppermint use advanced firewall services and Office 365 to host their email. By using services like this we take benefit of features that are checking for malicious website links. These services are continuously checking for viruses and malware embedded within them to provide additional levels of protection for human based activation of these threats. The benefit of using this service or similar is that unusual activity across many organisations emails can quickly detect and prevent malware being able to make any impact. I would suggest ensuring your systems are fully monitored and that these services equally have features enabled to prevent such attacks like Windows Defender SmartScreen and perimeter based solutions on your firewall to place as many doors as possible to prevent these hackers getting through.
Make regular backups
It is imperative that you have a comprehensive backup plan in place and, more to the point, it is important to audit what is backed up and ensure restore tests are done frequently to ensure they are reliable. One common mistake is not ensuring all required resources are backed up and ensure people don’t store information on their local machines.
Leverage the benefits of the cloud where possible
Local machines are rarely included in a backup plan and a device lost to ransomware or other localised attack would be unrecoverable if not backed up. It is important to inform people to ensure they always use cloud storage and or server based storage. If the user works offline then the use of active sync technologies to sync devices when they reconnect to the network is another good practice to ensure these devices are appropriately included in the backup policy.
In the Peppermint Cloud, we use a fully managed cloud backup solution for our administrative systems and it is tested regularly to ensure we can restore systems. Our cloud solution also has another comprehensive backup solution with a retention policy for production data to provide class leading backup managed by Peppermint and Pulsant.
Continue to check and validate your security policies
I can’t stress the importance of continuously validating and checking on the current policies you may have in place on any major event like this.
It is a challenge to keep in front of the knowledge and know about all the issues, upgrades, patches, version controls, amends in security best practise. Often these changes require constant investment in new infrastructure and software to take advantage of the new updates and upgrades and this may not have happened due to time pressure or investment reasons. Now is a good time to review this position as a priority.
Whilst these eight steps will never completely remove the risk of a cyber-attack, putting these basics in place certainly minimise the risk and are a valuable safety net. At Peppermint, we believe partnering with a highly-accredited cloud expert, in Pulsant, combined with advising our customers to diligently apply updates, train staff and make colleagues aware of the potential threats, will all help create a safer environment.
Useful links for follow up information:
Microsoft Response
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Microsoft Technical Reference
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx