A recent ransomware incident targeting an Alberta law firm underlines the need for Alberta lawyers to protect themselves from this kind of cybercrime.
As described simply by the Canadian Centre for Cyber Security (Government of Canada), ransomware is a software that denies you access to your files until you pay a ransom. Victims receive an on-screen alert stating their files have been encrypted or a similar message, depending on the type of ransomware. Payment of the ransom does not guarantee return of files or access and may even result in further extortion.
An Alberta law firm recently reported to the Alberta Lawyers Indemnity Association (ALIA) that it was the victim of ransomware and temporarily lost access to electronic files.
For law firms, the risk is not limited to payment of the ransom or permanent loss of access to files. In this kind of instance, confidential client information could be disclosed to a hacker, which may damage the client or parties with which the client is involved.
Prevention is Critical
While cyber insurance products can help address the consequences of cybercrime, they do not prevent it. There are numerous resources available for firms to develop strategies to protect themselves, including through the Canadian Centre for Cyber Security and commercial service providers (for example, IT security experts). A sampling of tips includes:
- Back up files on a regular basis. Ideally, backups should be diversified, so that the failure of any single point won’t lead to irreversible loss of data (for example, one copy in the cloud and another on an offline physical media).
- Be wary about email attachments and hyperlinks. Malware is often spread through phishing emails and hyperlinks received via social networks and instant messages.
- Protect your computer with active and updated anti-virus software, spyware filters, email filters and firewall programs.
- Patch and keep up your operating system, antivirus software, browsers and other applications. Malware often exploits security vulnerabilities in existing software and patches help prevent that.
- Consult an IT professional as to what other steps should be taken in your systems, computers and devices. There are many specific, technical steps that should be considered which may involve items including file sharing, remote services, unused connections, and enhancing the security of common applications.
- Develop a business continuity plan and incident response plan.
These are only intended as examples of steps that should be taken. An IT professional should be consulted to help develop a comprehensive strategy.
ALIA’s indemnity program covers subscribers against negligence and misappropriation in accordance with the terms of the group policy, but it does not currently provide coverage against cybercrime. ALIA recommends that all lawyers in Alberta obtain cybercrime coverage.
ALIA is hosting a cyber insurance webinar with Beazley on September 18, 2019, which has made a cyber policy available to Alberta lawyers through ALIA’s broker, Aon Reed Stenhouse.
View the webinar invitation
button in the attached invitation will be active approximately five minutes before the webinar begins. You will have to schedule this into your calendar separately).
As previously advised in our
November 21, 2018 ALIAdvisory
, cyber insurance can also be obtained from almost every commercial broker or from the Canadian Bar Insurance Association/Lawyers Financial (“Lawyers Financial”) and from the Canadian Lawyers Insurance Association (“CLIA”). It is important to note that cyber products do vary and not all products provide the same coverage.
ALIA remains grateful to Alberta lawyers and firms for their continued reports of potentially fraudulent activities.