In EJ Wise’s estimation, all law practices – small, medium and large – “are as vulnerable as their most insecure link”.

Speaking recently on The Boutique Lawyer Show, Wise Law principal Ms Wise said that, nowadays, software being used by multiple law firms is what will be attacked by ransomware hackers, as opposed to targeted individual firms themselves.

That poses a significant risk to boutiques, she warned, noting it is something that cannot be ignored, even amid concerns about the bottom line in the wake of the pandemic.

Ms Wise said: “Putting yourself into a consumer mode, and as practitioners, ask, ‘What would I advise someone else in my position to do?’

“We’re so often consuming, as law firms, but we’re not thinking of ourselves as consumers. If someone’s come along and offered you, as a law firm, an amazing piece of technology, which will reduce your workflow, ask the question before you purchase it, ‘Did your team of coders build this with security in mind? Was it secure by design?

“For example, Zoom, there’s a lot of talk about how insecure Zoom was. I’m much more comfortable with it now than I was six months ago, because they have back-ended a lot more security, but it wasn’t a product that was secure by design. And what did that lead to? It led to some leaking of information. People weren’t aware that the free Zoom calls were being recorded, and could be repurposed.”

If you’re asking for some consumer good to be supplied to you, Ms Wise continued, and it happens to be a software or a device, read your terms and conditions.

VIEW ALL

“And if you can’t, if they’re too technical, get someone that can,” she suggested.

Secondly, boutiques must recognise that they may be the last person to touch their client’s matter before they fall victim to ransomware attacks.

“So, can you add something of value? I’m not saying everyone now needs to be a cyber law specialist, but can you add something of value to them, that will make them more secure?”

If you’re being targeted by a ransomware attack, she mused, “there’s almost nothing you can do”.

“You can install certain security measures, you can make sure everyone in your firm accords with a policy of security, has multi-factor authentication, for example, but with the military background, it’s about being prepared,” she continued.

“I sound a little bit Boy Scout-y or Girl Guide-y. But be prepared. If we know that there’s a likelihood, even if it’s only slim, of being breached, and whether it turns into ransomware, or whether it’s a straight-out theft or business email compromise, what do you do?

“Do you have a data breach plan or an incident response plan? Do people know where it is? Is there one printed-out copy in the whole building that people could run to, if their computer’s frozen? Because, like any shock attack, if you don’t have a plan, your big deal is going to take over and you may make poor decisions.

“For example, you may decide to pay someone who has ransomed your firm. And that may not actually accord with your responsibilities, either as a director or principal.”

To listen to the full conversation with EJ Wise, click below: