How To about Ransomware from Lawyers

May 17, 2021

Lawyers are sophisticated technologists in general. I was amazed with the advice in “Avoiding Ransomware Attacks is Not a Pipe Dream: Actionable Steps to Avoid Becoming the Next Victim.” Let’s run through the suggestions, shall we?

The first is to buy insurance. I am not sure how hedging financial losses is a way to “avoid ransomware.” If anything, insurance gives some people a false sense of security. My information comes from some individuals who suffered storm damage in Florida. Not a good sample I admit.

The second tip is to “understand what your IT provider is actually providing you.” My reaction to this brilliant chunk of “mom says” is that law firms may lack information technology professionals. I assume this dependence on outsourcing from individuals who have not read and understood the terms of their agreement with a service provider is a willing suspension of disbelief. Obviously any lawyer smart enough to buy insurance knows what an “IT provider provides.” Stellar logic.

The third tip is more reassuring: Understand what your “internal IT provides you.” Is there a cultural divide between the billable and the individuals who provide IT? No, it is helpful to speak with these IT professionals. For example, read the “data inventory.” Read the WISP or “written information security plan.” Know the firm’s “data breach response plan.” Know the “data retention plan.” (Absolutely. Without a copy of the information germane to a trial, how can those billable hours be counted. Perhaps keeping these data on a USB or a personal computer at one’s domicile is a great way to facilitate the “keep on billing” approach.) And, know the training plan. My goodness, it is possible that if a security training session is held at the firm, one should read about its plan. Attend? Yeah, well, maybe. One question, “Is there a Zoom or YouTube video one could watch if one is not billable?)

The final way to “avoid” ransomware is to talk with an attorney. What? I think the idea is that a firm may have its own legal counsel. But are recent hires permitted to call a firm’s legal advisors and spend the partners’ bonus money?

I am thrilled with this advice. Bad actors aware of law firms embracing this write up’s approach to security will seek a new line of work. Terrifyingly effective. Intellectually incisive. Practical. All-in-all wonderful.

Stephen E Arnold, May 17, 2021

Comments

Got something to say?





  • Archives

  • Recent Posts

  • Meta