Lessons about ransomware attacks from a military background
Having spent two decades in the military before starting up her own legal practice, EJ Wise knows better than most that, when it comes to protecting one’s firm, there is no substitute for being prepared.

In EJ Wise’s estimation, all law practices – small, medium and large – “are as vulnerable as their most insecure link”.
That poses a significant risk to boutiques, she warned, noting it is something that cannot be ignored, even amid concerns about the bottom line in the wake of the pandemic.
Ms Wise said: “Putting yourself into a consumer mode, and as practitioners, ask, ‘What would I advise someone else in my position to do?’
“We’re so often consuming, as law firms, but we’re not thinking of ourselves as consumers. If someone’s come along and offered you, as a law firm, an amazing piece of technology, which will reduce your workflow, ask the question before you purchase it, ‘Did your team of coders build this with security in mind? Was it secure by design?’
“For example, Zoom, there’s a lot of talk about how insecure Zoom was. I’m much more comfortable with it now than I was six months ago, because they have back-ended a lot more security, but it wasn’t a product that was secure by design. And what did that lead to? It led to some leaking of information. People weren’t aware that the free Zoom calls were being recorded, and could be repurposed.”
If you’re asking for some consumer good to be supplied to you, Ms Wise continued, and it happens to be software or a device, read your terms and conditions.
“And if you can’t, if they’re too technical, get someone that can,” she suggested.
Secondly, boutiques must recognise that they may be the last person to touch their client’s matter before they fall victim to ransomware attacks.
“So, can you add something of value? I’m not saying everyone now needs to be a cyber law specialist, but can you add something of value to them, that will make them more secure?”
If you’re being targeted by a ransomware attack, she mused, “there’s almost nothing you can do”.
“You can install certain security measures, you can make sure everyone in your firm accords with a policy of security, has multi-factor authentication, for example, but with the military background, it’s about being prepared,” she continued.
“I sound a little bit Boy Scout-y or Girl Guide-y. But be prepared. If we know that there’s a likelihood, even if it’s only slim, of being breached, and whether it turns into ransomware, or whether it’s a straight-out theft or business email compromise, what do you do?
“Do you have a data breach plan or an incident response plan? Do people know where it is? Is there one printed-out copy in the whole building that people could run to, if their computer’s frozen? Because, like any shock attack, if you don’t have a plan, your big deal is going to take over and you may make poor decisions.
“For example, you may decide to pay someone who has ransomed your firm. And that may not actually accord with your responsibilities, either as a director or principal.”

Jerome Doraisamy
Jerome Doraisamy is the editor of Lawyers Weekly and HR Leader. He has worked at Momentum Media as a journalist on Lawyers Weekly since February 2018, and has served as editor since March 2022. In June 2024, he also assumed the editorship of HR Leader. Jerome is also the author of The Wellness Doctrines book series, an admitted solicitor in NSW, and a board director of the Minds Count Foundation.