This deep into the post-pandemic era, there’s no question that the rapid flip to remote work has had a profound impact on the working landscape. Issues such as long-term protection of client data may have been cast aside at first in a needs-must scramble to adapt, but they can be ignored no longer. In an increasingly digital world, no lawyer can lose sight of the severe cyberspace risks that threaten their clients’ confidential data. Nowhere was this more aptly demonstrated than on May 8th, 2020, when prominent entertainment law firm Grubman Shire Meiselas & Sacks Law found themselves staring down the barrel of a loaded ransomware gun.
Ransomware is a particularly ugly type of malware. Once a PC is infected, all data is encrypted (or at least claimed to be encrypted) so no one but the crook on the other side can access it. They will then demand you pay to get your data back. Even if they deliver, who knows what’s been pulled from that file or who’s had their sticky fingers in it?
On May 8th, 2020, GSMS’s computer system was hit with ransomware from the cybercriminal gang REvil. The gang set its initial ransom at $21 million, but doubled it when they discovered juicy data relating to Donald Trump. GSMS, if you don’t know them, handle Madonna, Lady Gaga, Bruce Springsteen, and many more big entertainment names.
They refused to pay the ransom (on FBI advice), and while some of the missing data has been recovered through privately hired security, most of it is simply out there, purchasable online through the Dark Web for any purpose a criminal chooses.
Are you keen to make sure your future clients never face the same experience? Regrettably, the same criminal ingenuity that plagues ‘real life’ crime is seen in digital spaces. Cyber security will never be a one-and-done event, but rather something you need to continually adapt and update. Of course, it starts with being aware of the risks. There’s a lot GSMS should have had in place to protect their clients, but cybersecurity is a new field and lawyers can fail to adapt the same as anyone else. A situation like this could have been prevented with a full cybersecurity solution in place. Here’s what we would have done:
In the age of remote working, it’s no longer good enough for one or two people in a firm to worry about cybersecurity. Best practices for data security need to be in place for everyone. No unprotected files, no ‘taking work home’ off of secured PCs, no leaving flash drives on the table while you go to lunch.
A Software-Defined Perimeter solution is a way to mask your internet-connected devices from external parties. It works for both on-premises and cloud resources, which is why it is so valuable in the remote work era. Picture an invisibility cloak over your IT infrastructure and you have the right idea. While cyber technology is always evolving, it’s currently one of the best front-line defenses we have against cybercrime.
Your cybersecurity is only as strong as its weakest point. Regular cybersecurity audits, like normal audits, involve bringing in professionals to ensure your protocols are still up-to-date and secure. Penetration testing effectively simulates an attack against your infrastructure, noting how it holds up to the test.
Cybersecurity is only going to become even more important to law firms and other entities that handle sensitive data. Start your career off on a good footing (and avoid the embarrassment of a GSMS-like incident) by making sure you use smart tech the right way to keep your clients safe and their data secure.