Today’s ransomware attack on global law firm DLA Piper illustrates just how vulnerable the legal sector is to cyber-crime and the immediate need for a review of data backup policies.
DLA Piper is a global law firm with lawyers located in more than 40 countries throughout the Americas, Europe, the Middle East, Africa and Asia Pacific.
This major cyber-attack has knocked out the firm’s phones and computers across the firm and appears to have been caused by a ransomware attack, in that partners and staff cannot access files and systems without paying a BitCoin ransom.
It appears to be very much similar to the WannaCry attack that hit the NHS last month, or one of the new variants which is in circulation.
Legal Week has reported that DLA’s phone system has not been working for much of the day and partners have been instructed to turn off their computers as a precaution.
Meanwhile, the BBC is reporting that multiple organisations have been affected by the hack, including Russian oil producer Rosneft and Danish shipping company Maersk.
When WannaCry wielded its devastating effects on the NHS, law firms were warned that they were potential targets for such an attack in the future.
Steve Hill, ex-deputy director in the UK government National Security Secretariat dealing with cyber security, said: “There is a huge criminal cyber threat to law firms. The hackers perpetrating these types of attacks will not be teenage boys – they are criminal gangs set up to exploit law firms for sensitive data or lock people out of the data in return for a ransom.”
swcomms has been informing law firms about the risks they faced with a with an infographic revealing their vulnerability and an email campaign sent out our legal sector customers and prospects. We have also warned all our customers to update their Microsoft operating systems and to apply the latest security patches to reduce their risk.
But what all businesses, including law firms, need to consider is their data backup procedures and to test them regularly. If they are content knowing that they can access backed up files, then they will not need to worry about being held to ransom. Firms need to decide what data they cannot possibility work without and back up accordingly, and automatically, to an offsite facility.
Stories of cyber-crime are regularly hitting the headlines these days and this data backup must find its way onto partner meeting agendas for serious consideration before another firm falls foul to hackers.