You need an immediate response plan for cyber incidents at your law firm

Cyber Incident Response Plan
Posted on: November 27th, 2019 onPlatinum

Does your law firm have an immediate response plan in place if you are the victim of a cyber incident? It is essential to work quickly after a cyber attack at your law firm to protect your sensitive company data. Past attacks show that the decisions your firm makes in the first few hours following an incident can have a significant impact on the level of disruption, financial loss and reputational damage. Always assume that all data is at risk and all systems have been compromised until proven otherwise.

Your response plan will differ depending on the type of attack, but below is a generalised response plan if your law firm falls victim to a cyber incident.

1. Stop the spread

The first step is to disconnect the affected machines from the network and back up systems. Inform all staff of the incident and request they cease use of their computers or ask them to minimise the files they access, open or send (even from personal accounts). While you are waiting for professional assistance, reset all passwords on a known secure device and make a note of the new passwords off the network.

2. Get help

Contact your usual IT support, internet service provider, bank, and cloud storage providers. Instruct your bank to freeze all access to firm accounts aside from manual transactions in a local branch. It is also important to report any attempted fraud to the police.

3. Identify the attack and neutralise it

When creating your cyber incident response plan and dealing with attacks, do not assume that you are dealing with only one form of attack, or that the attack will be over if you pay the ransom. One type of attack can be used to launch others or be disguised as another.

5. Find out what client data may have been accessed

Throughout every stage of the recovery, ask your IT support to identify any data that has been or could have been compromised. Prioritise who should be contacted and by what method.

6. Let clients know

Since the Notifiable Data Breach scheme came into effect in early 2018, all businesses must report the incident to the Privacy Commissioner and other relevant law enforcement within 30 days of the breach, or be subject to fines of up to $2 million. Find out more about the Notifiable Data Breach Scheme here.

Inform clients as soon as you know or reasonably suspect that they are at risk. Your clients may be exposed to fake invoices, malicious emails, theft of personal data, blackmail, or fraudulent credit card transactions. It is best to run any communication past lawyers or insurers before sending.

Communicate regularly with clients when you have more information, and designate a staff member to handle any queries or issues that may arise with clients.

For more information on how to prepare your law firm for a cyber incident, contact onPlatinum ICT today. Follow onPlatinum on Facebook to keep up to date with the latest in cyber security.
