You need an immediate response plan for cyber incidents at your law firm
Does your law firm have an immediate response plan in place if you are the victim of a cyber incident? It is essential to act quickly after a cyber attack on your law firm to protect sensitive firm and client data. Past attacks show that the decisions your firm makes in the first few hours following an incident have a significant impact on the level of disruption, financial loss and reputational damage. Always assume that all data is at risk and all systems have been compromised until proven otherwise.
Your response plan will differ for the type of attack, but below is a generalised response plan if your law firm falls victim to a cyber incident.
1. Stop the spread
The first step is to disconnect the affected machines from the network and from any backup systems, so that the attack cannot spread to other machines or to the backups you will need for recovery. Isolate the machines rather than wiping or rebuilding them; they are evidence that your IT support or a forensic investigator will need to work out what happened. Inform all staff of the incident and ask them to stop using their computers, or at least to minimise the files they access, open or send (even from personal accounts). While you are waiting for professional assistance, reset all passwords from a device known to be clean (not one of the affected machines) and keep a record of the new passwords off the network.
2. Get help
Contact your usual IT support, internet service provider, bank, cloud storage providers and cyber insurer. Instruct your bank to freeze all access to firm accounts aside from manual transactions in a local branch. It is also important to report any attempted fraud to the police.
3. Identify the attack and neutralise it
When creating your cyber incident response plan and dealing with attacks, do not assume that you are dealing with only one form of attack, or that paying a ransom will end it. One type of attack can be used to launch others, or can be a disguise for another that is still under way.
4. Find out what client data may have been accessed
Throughout every stage of the recovery, ask your IT support to identify any data that has been, or could have been, compromised. Prioritise who should be contacted and by what method.
5. Let clients know
Since the Notifiable Data Breaches scheme came into effect in February 2018, entities covered by the Privacy Act must assess a suspected breach within 30 days and, where it is likely to result in serious harm, notify the Privacy Commissioner (OAIC) and the affected individuals as soon as practicable, or face fines of up to $2 million. Find out more about the Notifiable Data Breaches scheme on the OAIC website.
Inform clients as soon as you know, or reasonably suspect, that they are at risk. Attackers may use stolen data to send your clients fake invoices or malicious emails, steal their personal information, blackmail them, or make fraudulent credit card transactions. It is best to run any communication past your lawyers or insurers before sending it.
Communicate regularly with clients as more information becomes available, and designate a staff member to handle the queries and issues that clients raise.