What Should Your Law Firm Do if You’ve Had a Cyber Breach?

IT Management, Security, Company News

Irish law firms have been facing an increase in cyber attacks in recent years. It’s estimated that there has been a 50% jump in these attacks over the past 12 months. During that time, 4 out of 10 Irish law firms experienced downtime as a result of a cyber attack.

Without a good cybersecurity strategy, these legal offices can suffer serious costs, including remediation of the security breach, reputation damage, and data privacy compliance penalties.

The steps you take after a breach can either increase or reduce the impact. Not having a cybersecurity response plan can lead to you paying much higher costs due to a delayed reaction.

IBM Security estimates that the global average cost for a data breach is €4.43 million. But organisations with a tested incident response plan can reduce that by €2.71 million, a savings of 39%.

Below we’ll discuss the vital steps that your Irish Law Firm should take immediately following the discovery of a data breach, ransomware incident, or another attack. Putting these into an incident response plan can save you millions in costs should your office suffer an attack.

Suffered a Data Breach? Here’s What You Should Do Next


Disconnect Infected Devices from Your Network

Many types of malware are designed to spread throughout a network as fast as possible. This is especially true for ransomware, which locks users out of their files through the use of encryption.

As soon as you discover that a breach has occurred, you should disconnect the infected device(s) from your network to try to contain the spread. This includes disconnecting the device from Wi-Fi and any hardwired ethernet connections.

You don’t necessarily want to shut off the device’s power until you’ve spoken to an IT professional. But you should isolate it from other systems, including any syncing cloud services.


Have a Professional Assess the Damage

Don’t try to deal with a cyber breach yourself. Unfortunately, people can make things worse if they do things like try to go online to download some free virus scanning tool (that could actually be a malware trap).

Instead, once your machine has been isolated, contact a trusted IT provider that can come and assess the damage and provide guidance. We have expertise and years of experience dealing with all types of data breaches and malware infections. This allows us to assess the issue and formulate a remediation strategy as fast as possible.


Remediate the Infection

Remediation of the infection is next. You don’t want more of your client files or sensitive law firm information being stolen while you’re dealing with the fallout. Once the breach is assessed, your IT security expert will begin remediating the breach to secure your network.


Determine Whether Client Data Was Breached

You will next need to find out what type of data was compromised. Did the attacker gain access to a client database with names, addresses, and phone numbers? Were sensitive cloud documents breached?

This is not usually a pleasant task to determine the extent of the breach, but it’s important because you will need to notify impacted third parties (such as your clients) that may have had their data exposed.


Contact Law Enforcement

Not every business will contact law enforcement when hit with a data breach, even though they wouldn’t think twice about doing so if this was a physical break-in. But data breaches are break-ins as well, so they should be reported.


Reporting the incident has a few benefits:

  • You have a record of the incident for any potential insurance claims
  • Law enforcement can track the breach, which may connect to others that have been reported
  • Your police report can be referred to in data privacy compliance reports and shows responsibility on the part of your organisation


Carry Out a Notification Plan According to Data Privacy Requirements

You will need to review the data privacy regulations that your law office is subject to, such as GDPR, and make notifications to third parties according to the guidelines. If notification isn’t made in a timely manner, it can lead to penalties, as well as a significant loss of trust in your business by those you need to contact.


Improve Defences to Stop Future Breaches

Once, you’ve handled the most time-sensitive steps above, next, you will want to reinforce your defences to ensure this type of attack doesn’t happen again. A good way to do this is by having a cybersecurity audit performed.

A cybersecurity audit can help an IT provider pinpoint specific weaknesses in your network that need to be fortified.

Schedule a Cybersecurity Audit with FutureRange Today

Don’t wait until you had a breach to have your security posture assessed. The team at FutureRange can perform a thorough cybersecurity audit to locate and make recommendations for any potential areas of weakness.

Contact Michael Rooney from FutureRange today to schedule a consultation. Call +353 1 2960 560 (Dublin) +353 6140 0230 (Limerick) +353 21 2427974 (Cork) or reach us online.


Some related posts

Securing the Frontline: The Essential Need for Incident Response Plans in Cybersecurity

5 Issues Co-Op Directors Need to Understand About Cyber Security

7 Essential Steps for Accountancy Firms to Take in the Event of a Cyber Attack