How to protect your high-profile client data from ransomware attacks
Last week, a media and entertainment law firm that represents stars like Lady Gaga, Madonna, and Nicki Minaj confirmed that their internal data systems had been hacked, with the perpetrators holding 768 GB of sensitive data hostage for the hefty sum of $42 million. On Thursday, the hackers released a 2.4 GB folder containing legal work the law firm did for Lady Gaga, including contracts, promotional agreements, expense sheets, confidentiality agreement forms, and performer agreements.
The firm has stated that it will not negotiate with the hackers. But even if they did decide to pay, “there’s still the possibility that the hackers would release the information later,” says TJ Schoessow, AbacusNext’s Vice President of Technology Infrastructure. “Paying a ransom gives you zero guarantee that your data is safe or that it has been destroyed. Your best bet is always to prevent the attack from happening in the first place.”
There are four critical steps firms can take to protect their businesses and their clients.
1. Invest in a trusted hosting provider
It’s crucial to perform due diligence when searching for a cloud hosting provider and to confirm that they can secure your sensitive client data. For example, do they offer a full-spectrum solution that is ready for electronic protected health information (ePHI) and HIPAA compliance? Do they enforce cybersecurity best practices, and is AI-based ransomware protection proactively guarding against this ever-increasing threat? Are their data centers in compliance, and are they geographically dispersed?
Abacus Private Cloud is a full-spectrum ePHI and HIPAA compliance-ready solution certified at the highest levels. Automatic data backups are geographically dispersed to ensure your data’s available even in a catastrophe, while continuous threat monitoring keeps your practice secure 24/7.
2. Train staff early and often on security best practices
This is one of the easiest, most effective steps firms can take to prevent a ransomware attack. Schedule regular security trainings and send educational emails reminding employees how to spot spear-phishing attempts, email scams, and other cyberthreats. Awareness is the single best protection. Be sure to also have a written, frequently tested incident response plan in place.
3. Establish an incident response plan
Firms are required by law to take reasonable measures to safeguard their clients’ information. So, it’s important to have an action plan in place that outlines the steps your firm would take in the event of an attack. Ransomware poses a serious risk to every business, and taking a proactive approach is the key to reducing your risk. You can learn more about disaster recovery planning and reliable backup solutions by consulting a technology partner who understands your organization’s unique needs. Contact an Abacus Private Cloud technology consultant to determine your current risk profile.
4. Virtualize your workstations and server
At a time when most businesses are operating remotely, firms are becoming increasingly familiar with cloud-hosted virtual workspaces. Remote workplaces and servers give you remote instances of each computer in your network, where you can reach all programs, tools, client information, and business-critical documents just as they existed before you lost access to your physical desktops. A virtual instance means you always have a reset switch to return to the last good state, and you can respond quickly to a ransomware infection on one device or in one location by using an uninfected device to reconnect.
Find out how Abacus Private Cloud can keep your firm’s data safe in our upcoming webinar, Private Cloud Cyber Security Advantages during COVID-19.