Lessons about ransomware attacks from a military background
Having spent two decades in the military before starting up her own legal practice, EJ Wise knows better than most that, when it comes to protecting one’s firm, there is no substitute for being prepared.
To continue reading the rest of this article, please log in.
Create a free account to get unlimited news articles and more!
In EJ Wise’s estimation, all law practices – small, medium and large – “are as vulnerable as their most insecure link”.
Speaking recently on The Boutique Lawyer Show, Wise Law principal Ms Wise said that, nowadays, software being used by multiple law firms is what will be attacked by ransomware hackers, as opposed to targeted individual firms themselves.
That poses a significant risk to boutiques, she warned, noting it is something that cannot be ignored, even amid concerns about the bottom line in the wake of the pandemic.
Ms Wise said: “Putting yourself into a consumer mode, and as practitioners, ask, ‘What would I advise someone else in my position to do?’
“We’re so often consuming, as law firms, but we’re not thinking of ourselves as consumers. If someone’s come along and offered you, as a law firm, an amazing piece of technology, which will reduce your workflow, ask the question before you purchase it, ‘Did your team of coders build this with security in mind? Was it secure by design?
“For example, Zoom, there’s a lot of talk about how insecure Zoom was. I’m much more comfortable with it now than I was six months ago, because they have back-ended a lot more security, but it wasn’t a product that was secure by design. And what did that lead to? It led to some leaking of information. People weren’t aware that the free Zoom calls were being recorded, and could be repurposed.”
If you’re asking for some consumer good to be supplied to you, Ms Wise continued, and it happens to be a software or a device, read your terms and conditions.
“And if you can’t, if they’re too technical, get someone that can,” she suggested.
Secondly, boutiques must recognise that they may be the last person to touch their client’s matter before they fall victim to ransomware attacks.
“So, can you add something of value? I’m not saying everyone now needs to be a cyber law specialist, but can you add something of value to them, that will make them more secure?”
If you’re being targeted by a ransomware attack, she mused, “there’s almost nothing you can do”.
“You can install certain security measures, you can make sure everyone in your firm accords with a policy of security, has multi-factor authentication, for example, but with the military background, it’s about being prepared,” she continued.
“I sound a little bit Boy Scout-y or Girl Guide-y. But be prepared. If we know that there’s a likelihood, even if it’s only slim, of being breached, and whether it turns into ransomware, or whether it’s a straight-out theft or business email compromise, what do you do?
“Do you have a data breach plan or an incident response plan? Do people know where it is? Is there one printed-out copy in the whole building that people could run to, if their computer’s frozen? Because, like any shock attack, if you don’t have a plan, your big deal is going to take over and you may make poor decisions.
“For example, you may decide to pay someone who has ransomed your firm. And that may not actually accord with your responsibilities, either as a director or principal.”
To listen to the full conversation with EJ Wise, click below:
Jerome Doraisamy
Jerome Doraisamy is the editor of Lawyers Weekly. A former lawyer, he has worked at Momentum Media as a journalist on Lawyers Weekly since February 2018, and has served as editor since March 2022. He is also the host of all five shows under The Lawyers Weekly Podcast Network, and has overseen the brand's audio medium growth from 4,000 downloads per month to over 60,000 downloads per month, making The Lawyers Weekly Show the most popular industry-specific podcast in Australia. Jerome is also the author of The Wellness Doctrines book series, an admitted solicitor in NSW, and a board director of Minds Count.
You can email Jerome at: