Lexpert Magazine

Nov/Dec 2016

Lexpert magazine features articles and columns on developments in legal practice management, deals and lawsuits of interest in Canada, the law and business issues of interest to legal professionals and businesses that purchase legal services.

Issue link: https://digital.carswellmedia.com/i/743478


LEXPERT MAGAZINE | NOVEMBER/DECEMBER 2016 | TECHNOLOGY | COLUMNS

George Takach is a senior partner at McCarthy Tétrault LLP and the author of Computer Law.

in the attack. The firm was also, through its backup data stored offsite, able to resume operations without too much difficulty; and so it defiantly issued a public letter to its clients notifying them that the firm would not be knuckling under to the demands of the criminals.

Part of this firm's rationale for its decision was that in many cases, after the victim pays the ransom, the bad guys still don't release the data (though presumably many do, because if none did the business model for ransomware attacks would be discredited and no victim would pay the ransom). The firm also alluded to the fact that, when it is revealed that a targeted organization has paid a ransomware demand, other criminals may repeat the attack on the same victim, knowing they have a fairly likely payer on their hands.

In short, once you're hit with a ransomware attack, you have a difficult decision to make and there is no easy way out. It is therefore worth asking what you can do to help prevent such an attack.

PHISHING FOR DOLLARS

Your chief information officer has invariably been hardening your defences against cybercriminals, and that's all to the good. Anything that makes it more difficult for the bad guys to enter your computing systems is to be applauded.

However, with ransomware, the unsavoury characters typically come right through your front door — not through some surreptitiously installed malware, but directly through email, by means of so-called phishing messages that look and feel an awful lot like email messages that your staff might be expecting. Unwittingly, they click on the message and often its attachment, which is enough to launch the corrupting malware into your computer systems. The bad guys are in!

Phishing emails are a much improved version of the scam email message of many years ago that looked ragged, had a bunch of typos and detailed an unbelievable story. ("You have won a million-dollar lottery, I will send you the winnings if you send me the $25,000 processing fee first.") It should be noted, though, that even these scam emails found their mark in many cases, costing Canadian companies and individuals surprisingly large losses.

Today, it will more likely be an email purportedly from your bank, with excellent graphics and branding, and a credible message. ("We have attached your latest monthly statement, which shows a double entry we would like to discuss with you at your earliest convenience.") You click on the file attached, and voila, the criminal software is now wending its way into your firm's central nervous system, and in a matter of a few moments it has implemented an encryption algorithm that will seize your systems and deny you access to them. The ransom email will follow in short order, requiring you to pay very promptly by e-transfer or the blocked data files will be destroyed altogether. Yikes!

If these are critical datasets, and your organization needs them right away in order to continue to operate … well, you can see why some victims would rather just pay than risk some discontinuity of service and access to data. It is, in effect, a cost of doing business, or so goes the argument.

BACKUP IS BEST SAFEGUARD

It's easy to see how, when faced with such a situation, you would really want to have backup data handy and ready to be put into active production at a moment's notice. In other words, if you can keep operating without the data that the criminal has disabled, then you can thumb your nose at the sender of the ransom note.

This requires, however, a very disciplined and expert approach to conducting backups. This in turn will cost some money to implement. And the criminal elements are betting on not many organizations doing this well; hence, the ever-growing business model for ransomware.

YOUR EMPLOYEES AS DEFENCE

The other defence point that needs hardening is your staff. When they are presented with that phishing email, ideally they ignore it. But to do so, they need to be trained, coached and reminded constantly not to click on the problematic message.

Of course, it's not either data backups or employee training, but both — along with a number of other active steps to strengthen your organization — so that when the cybercriminals come a-calling they find it more trouble than it's worth to mess with you.

For example, make sure your software maintenance and support efforts are implementing the latest security patches, all the time, constantly, without exception. And ideally — again, back to people reminders — you can convince your staff to put into your systems only software that your IT group scans for viruses first. The old saying really applies here: an ounce of prevention is worth a pound of cure.

If all else fails, take a close look at your insurance policies; and it's a good idea to review them now, before you're hit with an attack. If you feel your coverage is on the thin side, take a good look at some of the newer cybersecurity policies.

IN MANY CASES, after the victim pays the ransom, the bad guys still don't release the data. ... And when it's revealed that an organization has paid the ransom, other criminals may repeat the attack on the same victim, knowing they have a fairly likely payer on their hands
