13 Ways to Support a Hacked Client
If your client falls victim to a cyberattack, they’re not alone — and they’re not helpless. Here are practices that should be part of their Rapid Response.
We’ve eradicated smallpox and nearly ended polio. But some viruses are only getting started.
Cyberattacks are the fastest growing crime in the U.S. The FBI estimates that everyday cybercriminals conduct 4,000 ransomware attacks, and researchers warn a typical company suffers 130 security breaches every year. Law firms themselves have fallen victim to hacking at an astounding rate of 23%. All in all, the U.S. Government estimates that the cost to the country’s economy is between $57-109 billion.
Though we tend to hear about data breaches of big corporations, the vast majority attack small and mid-sized businesses. And 60% of small businesses fold in the 6 months following an attack.
Attorneys can no longer relegate technological sophistication to the IT guys. Of course, we must be experts of our own cyber protection. We need to use legal case management software that provides adequate tools for monitoring security. But we also need to understand what our clients face when the worst hits them.
Here are 13 damage-control steps recommended by cybersecurity experts. These tips aren’t intended as legal or technical advice for you or your clients. But they can serve as reminders and considerations as your client drafts their response plan with the help of tech and legal experts.
13 Points of Cyberattack Rapid Response
1. Remember protecting yourself is your first priority.
In an airplane emergency, they tell you to put on your own oxygen mask before helping others. Cyber emergencies are no different. No matter what your client faces, your first responsibility is protecting yourself from malware infection. When a client is hacked, everyone adjacent to them is at risk. Without proper precautions, a disease becomes an epidemic.
Your first line of defense is cloud-based software. By conducting your work through case management software with multiple, robust security measures. In addition to the built-in security features, our software allows you to engage with your staff and clients in, secure platforms, avoiding the security disasters of email. In worst-case scenarios, if devices become compromised, cloud-based case management ensures business continuity. Even if attackers made your devices completely unusable, you wouldn’t lose a bit of information.
Other essential security practices include:
- Regular security audits, to systematically monitor for aberrant behavior
- Up-to-date software — including anti-virus software and malware detection software
- Physical security in your office
- Strong, different passwords for devices (using a password management tool can make this more possible.
Failure to protect yourself with these tools puts all of your clients at risk. And they know it. Increasingly, clients won’t work with lawyers unless they can demonstrate their security credentials. For more information on how Filevine can help protect your firm, set up a personal demo with a case management expert.
2. Identify whether or not a breach has occurred.
If your clients suspect they’ve been hacked, they must go into action immediately. Don’t hesitate. The more time that passes, the greater the damage and expense. For corporations, slow response time increases the risk of being found liable for the theft of others’ data.
First, they must learn whether an attack has even occurred. Here are some clues that can help them prepare:
- Appropriate security software should inform them of possible breaches.
- Regular security audits can alert them to strange activity, unusual locations, and out-of-place time stamps.
- Another hint of a hack is the sudden appearance of a new program on a computer. This should not be opened. Instead, they should contact an IT expert.
- A password suddenly not working.
- Other irregularities, like frequent pop-up ads, browser redirects, or strange posts on your social media sites.
- Of course, there are also unmistakable signs of foul play, such as a demand for ransom in order to access data.
Sadly, many companies and individuals aren’t aware of a breach until months after an incident, when they receive a reply to an email they never sent, or witness a pattern of cyberattacks among their contacts. This is why regular security audits are so important.
3. Follow an incident response plan.
Ideally, after a data breach has been confirmed, companies would immediately turn to their official incident response plan. But recent research by IBM shows that 67% of companies have no incident response plan in place.
That means that even with the dire, ever-present threat of a cyberattack, most companies are waiting until a cyberattack erupts before they figure out their response. They are waiting to build a plan until the very moment they are under the most stress and have the least time.
Planning ahead allows you to make fast, accurate decisions when a problem arises, even under pressure. Reach out to cyber-security professionals to coordinate on an effective response plan for your practice. Legal case management software can help you standardize these processes into team-wide workflows to effectively coordinate against client-attacks.
4. Determine the nature of the attack.
What kind of attack is the client-facing? Sometimes seemingly straightforward cyberattacks hide more sinister activity. Some ransomware attacks have been used as a smokescreen for data breaches. Victims think they were merely locked out of their data, but in truth, it was stolen. Denial of Service attacks has been used to distract an IT team while worse traps are quietly laid in the network.
5. Get help.
If a breach appears serious, clients will need an IT forensic expert. An inexperienced or DIY investigation might further spread viruses, and destroy the evidence trail needed to understand the extent of the breach.
This is also a good time to contact insurance providers. More companies are purchasing cyber liability insurance for this specific contingency. Many also turn to attorneys who are experienced with data breaches.
6. Evaluate the damage.
How bad is it? Companies should figure out if any data has been stolen or lost. If so, they should compile a list of clients and employees who may have been affected.
While some attacks steal information, others block or destroy it. This is why regularly backing up information and secure cloud storage is so important for business continuity.
Another hugely helpful technology is cloud-based legal case management software. With a secured database, redundant data backup, and other security features, cloud-based legal case management software keeps your information available, even when your device is compromised.
7. Quarantine the attack.
In a large cyberattack, the damage can rapidly spread across the globe. It can bring entire industries to their knees. Adequate quarantine might mean shutting down all network servers and turning off all devices.
In 2013, Target suffered a massive data breach. Everyone heard about the catastrophe — but few know that it began with a cyberattack on an HVAC vendor they worked with. Had that HVAC company been able to quickly quarantine the attack, it would have protected the data of 40 million shoppers.
The quarantine process requires the help of everyone in the company. A single weak leak can allow the attack to keep spreading.
It’s important that backup systems are separate and segregated from your other systems. Otherwise, they could simply spread the contamination when you open them up.
8. Eliminate malware.
Removing malware could be as easy as installing the right antivirus software. Or it could be a more complicated process requiring the attention of multiple IT experts.
In this process, clients must be careful not to fall for fake antivirus software. This malware preys on people who are too desperate and stressed to double-check the reliability of their downloads. It installs more bugs and attacks your system while pretending to clean your computer.
They should always research their antivirus options and ensure they’re dealing with legitimate companies before downloading anti-malware software.
9. Compile an incident report.
Throughout the process, companies should track their actions in an incident report. An incident report documents what occurred, what steps they took to address the situation, and who was involved in the response. Incident reports are especially valuable to defend against liability lawsuits for stolen customer data. They can demonstrate that a company took all reasonable measures to protect the confidentiality of its customers.
10. Conduct an after-action review
Clients must understand their security process, how it failed, and what has to change to ensure it doesn’t fail again.
If malware entered through a sophisticated phishing attack, that means your client needs to institute regular training on how to recognize phony emails. If that training is already part of their routine, they might want to consider more creative training opportunities.
Filevine keeps its own employees on their toes by sending occasional fake phishing emails. If links are opened, they direct employees to complete more security training. A brief moment of embarrassment is a more powerful education tool than the best-written policy or a more engaging powerpoint presentation.
11. Notify appropriate authorities.
Depending on the nature of the attack, clients may need to notify local police departments, the FBI, the Secret Service Electronic Crimes Taskforce, the Federal Trade Commission, and/or the IRS Criminal Investigation Unit. In addition, each state has its own statutory breach notification laws, requiring additional disclosures to state regulatory agencies.
Also keep in mind that sometimes law enforcement officials may require a delay in notifying those whose data has been stolen, while they investigate the crime.
12. Notify affected clients.
This step is probably the most painful in the list. But prompt and proper notification is a protection against the further spread of an attack. And in many cases, it’s the law.
46 states require hacked companies to notify all affected customers. Familiarize yourself with the laws that affect your region — your clients may face specific rules on deadlines and the manner of notification required.
In their notice to customers, encourage your client to be straightforward, honest, and reassuring. Legalese or technical jargon will only confuse customers. But a readable, informative notice can help retain customer confidence through the crisis.
While the notice should be prompt, it shouldn’t be rushed. It’s best to gather all the facts, understand what went wrong, and plan for improved security in the future. That way, their notification to customers can be accurate and include the investments they’re making to ensure it doesn’t happen again.
Your client can maintain control of the process by instituting a company-wide plan to handle client communications. This may also require designating one person as a public relations spokesperson to talk with the press.
13. Bring your firm back on track.
For a small business, the average cost for a data breach is $36,000. But the damage can run much higher. Costs include forensic examinations, customer notifications, credit monitoring, and liability lawsuits. On top of that is the damage done to a company’s reputation.
Your client’s final task is getting their team back up to speed. The best way to do this is to dedicate themselves to improved security and the prevention of any future attacks. It’s the time to invest in more secure software and communication platforms; create and regularly review and incidence response plans, and update their training.
With hard work and attention, and reliable legal case management software, the mortifying experience of a cyberattack can lead toward a future of care and security.