The danger with Russia’s invasion of Ukraine is severe enough that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published the “Shields Up” memo, which advises businesses to beef up their security and continuity plans; “Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include the U.S. homeland.”
Before we jump into some of the details, I want to make a specific point: Working with solo and small law firms for the past 16 years, I have noticed a real propensity to discount many of these strategies. The belief is, “since I am just a solo or small law firm, I don’t need to be concerned with these threats. “Not gonna happen to me” is a statement I have heard far more often than I’d like to admit.
For this reason, I have highlighted the items that everyone can focus on, regardless of size.
Key Advisory Steps for Law Firms
The Shield Up guidance instructs all businesses to follow these precautions to reduce the chance of a catastrophic breach.
Shoring up defense recommendations include:
- Strong cloud service controls should be implemented.
- Validate that network, privileged, and administrative access is secured with multifactor authentication (MFA).
- Make sure software is up to date, and vulnerabilities are patched.
Ensure you and your team are using unique passwords have enabled MFA on all possible accounts that hold anything of value. Keep all computers up to date (the worst way to do this is by hoping others will do it –they won’t –we know. It would help if you had tools that automate this task.
Take steps to detect a potential intrusion quickly.
Security can be enhanced by implementing these recommendations:
- If the company works with Ukrainian firms, it should devote extra time to detection, isolation, and cleanup.
- Focusing cybersecurity and IT staff on detecting and addressing unusual network behavior.
- Maintaining that the company’s antivirus and antimalware programs are up to date and deployed.
Ensure you have an enterprise-grade firewall/router. If you have your ISP router installed and connect all your devices directly to that, I do NOT consider you protected. The solutions can range here based on your setup home vs. office.
Dark web scanning is a valuable solution to keep an eye on the dark web for compromised credentials. The easiest way to think about this: If burglars had a
copy of your home key, you’d want to know right away. Dark Web scanning does this for your firm.
All computers need antivirus and malware; yes, Macs do too. Again, the best way to have firm-wide solutions in place.
Make sure the organization is ready to respond if an intrusion happens.
Prepare to respond to dangers by:
- Creating a crisis response team, making plans and assignments, and focusing on disaster recovery and business continuity.
- Organizing tabletop exercises to ensure that everyone is clear on their responsibilities.
- Staffing is important. It’s critical to have adequate personnel on hand, including surge support, in an emergency.
Do you have a written Disaster Recovery Plan in place? I believe strongly that it is better to have a plan in place and not need it than to need it and not have it!
Increase the firm’s resilience to a damaging cyber incident.
Evaluate recovery and mitigation measures by:
- Testing should be performed regularly to ensure that industrial systems remain operational if systems and networks are disrupted or inaccessible.
- Restoration and backup process testing.
Run a fire drill. Have everyone disable internet access. What do you do? How do you access all your data? What are your backup plans? Again –better to have it and not need it than to need it and not have it. Go to the coffee shop? CAN you access files remotely? What about your phone provider? Having all these in the cloud significantly reduces your dependency on a single internet connection.
In addition, CISA offers the following guidance for Corporate Leaders:
- Including Chief Information Security Officers (CISO)s in critical risk decisions will empower them to manage these risks better.
- To prevent critical business operations from being lost when cyber assaults are successful, businesses should focus on Continuity.
- Put a plan in place to provide structure for the firm to take critical infrastructure offline in a worst-case scenario.
- Lower reporting thresholds below currently set points for reporting suspicious incidents to CISA and the FBI.
- Verify that all executives, not just IT and security personnel, are aware of how to react in the case of an emergency participate in Response Plan Tests.
This section is written for the Fortune 500 company and is more difficult to decipher. My previous tips are most relevant. Run some simple simulations. Since we’ve been through the shutdown two years ago, I think most firms are now better prepared than they ever had been. This exercise is worth discussing with your team and laying out some key points.
My intentional repetition in this article is that it is better to have it and not need it than to need it and not have it.
Before creating BobaGuard, many of the solutions I mentioned in my tips were unavailable to solo and small law firms. I realized this lack in the market and set out to build a solution to serve the 49% of lawyers out there that are solos and get them access to these solutions, which can drastically reduce your risk of getting hacked.
It was built specifically for solo and small firms that tend to be tech-savvy. They don’t need to outsource all their IT needs fully and are comfortable handling most things on their own. But they are also smart enough to know they are far from cybersecurity experts. That’s where BobaGuard comes in.
BobaGuard includes 8 of the most effective, modern cybersecurity solutions made available for solo and small firms. If you’d like to raise your cybersecurity preparedness level from where you are to where you know you should be, check out BobaGuard. The DC Bar and State Bar of Wisconsin have added BobaGuard as a member benefit because they realize the timely importance of such a solution.