Ransomware and other online attacks have been in the news recently, from shutting down the Colonial Penn pipeline to schools, hospitals, and a meat processing company. FBI Director Christopher Wray has asked victims not to pay ransoms. But the cybercriminals now have a new threat. If the ransom is not paid, in addition to not decrypting the victim’s files, the new threat is all the stolen data will be posted to the dark web for other bad actors to view and download.
That should terrify every lawyer. In addition to client’s phone numbers and email addresses being shared, the idea of every deposition transcription, every confidential settlement agreement, every email you have written, every QDRO, every salacious allegation in a contested child custody case and more being shared openly on the dark web is terrifying. Imagine having to tell all of your clients their confidential information is online and that came from an attack on your computer system.
Review the ABA’s Law Firm Guide to Cybersecurity for some great tips and priorities. Just subscribing to a password manager that allows you and all your employees to use long, complex passwords without having to remember them, talking with your employees about how to recognize phishing emails and requiring multi-factor authentication can dramatically reduce your risks.