How would you respond if your firm came under attack from cyber criminals? A cyber action plan can save you trouble if the worst should happen. This article covers the story of a recent cyber-attack on a small firm and how the experience changed their approach to cyber security.
What’s your plan if you suddenly find you can’t access your information on your computer?
On a recent Monday afternoon, a small firm suffered an attack on their local server which hosted their practice management software. The firm’s local server was hit with three different ‘infections’ in the space of eight seconds resulting in a complete shutdown barring access to everything on their practice management system. The infections came via remote access. While the firm had some virus protection in place it was not enough to stop this new sophisticated attack.
They called their IT people in as soon as the attack happened. They estimated it would take at least a week to recover the system and recommended a ransomware data recovery expert be brought in. The firm followed that recommendation and it took eight days to recover the system. The cost to the firm was $30,000. They had no cyber insurance to cover this. Fortunately, the firm’s document management system and email were on a cloud server and unaffected. The experts also determined there was no data accessed or lost on the local server. While it took a week to be back to full functionality, particularly for time recording and billing, the firm was able to complete multiple settlements during that time in accordance with contractual requirements — although it took a lot more time and effort to do it.
Interestingly, there was no ransom demand, as is usual in an attack resulting in a system shutdown. The experts suggested it might have been an attack by someone who was just testing vulnerabilities to see if they could do it.
The attack has prompted a rethink and resetting of priorities by the firm for dealing with the threat of cyber-crime. The firm had a mix of internal and external IT assistance and have now decided to outsource all their IT support to a specialist cyber security organisation that can monitor and maintain their system’s security. They realized that in the current environment it is now essential to retain security experts to protect their information systems, their clients’ data and their workflow operations. It is simply a core part of conducting a business safely.
No firm is immune from attack, and even the most diligent firms can suffer cyber-attacks. It is important to be taking proactive steps to mitigate the risk of an attack, such as the steps in our last article, but it is also important to have an incident response plan with access to skilled cyber experts and cyber insurance if the worst happens.
For more information and resources to help keep your practice secure visit our cyber security page.
