
Few law firms, if any, are immune to the threat of malware, and the effects of an infection can be devastating. Firm data and security can be compromised, to say nothing of the hit to employee productivity, revenue and IT resources. For the purposes of this article, the term “malware” will cover types of malicious software, such as viruses, spyware, Trojans and rootkits. Considering that malware will not be disappearing anytime soon, it is important for law firms to develop an effective approach to handling it.

 

Create a checklist/runbook so the IT staff, or whoever is delegated the task of handling a malware infection, can do so methodically and efficiently. As an example, a plan may include some of these steps:

 

  • Creating a list of approved tools to use
  • Disconnecting the infected machine from the network to prevent spreading of malware
  • Running the tools and analyzing whether the threat has been removed, including running a second scan with an additional/independent tool
  • Deciding when to escalate the issue to the vendor’s technical support and when to simply stop and re-image the machine

 

Though it may be tempting for staff to “be the hero” and use 30 different tools to try to beat the malware, ultra-virulent varieties may simply not be worth the time and resources to try to remove (with no guarantee of success). It may be more fruitful to limit the time spent addressing an infection to, perhaps, 30 minutes to an hour, depending on how unique the machine is.

 

Time is money, so when the budget allows, consider having at least one standby workstation and laptop so you can simply replace an infected machine for a specific user. That way the user can remain productive while the infected machine is worked on. The user’s data can be migrated later. Having a desktop imaging system can also minimize downtime when a spare computer is not readily available, as the same computer can typically be redeployed for the employee quickly, with a “fresh” image, usually within half an hour.

 

In the big picture it is best to have a multi-pronged approach to handling malware as data enters your network. Often you become alerted to an infection when a user calls you, stating that their computer is “super slow” or is “acting strangely.” By developing a holistic approach, however, you can minimize or eliminate threats before they reach the user. Here are some considerations:

 

  • Firewalls, such as Fortinet FortiGates, offer unified threat management, which provides gateway antivirus and anti-spam protections, content filters and web page blocking, among other things, before infected data reaches the end user.
  • Unified email management services, such as Mimecast, can filter and restrict attachments, where malware often hides.
  • Perform regular maintenance on systems: review and apply Windows patches on servers and workstations/laptops, make sure your anti-virus definitions are up to date, review your anti-virus management console and apply patches and updates on your firewall, etc.
  • As a precautionary measure, take consistent and regular backups and perform periodic data restore tests. This is critical, as it is your last resort. If backups fail to restore the data, it may become a resume-producing event.

 

Sometimes it is effective to protect users against themselves. After all, we are all human.

 

  • Consider utilities like Sandboxie, which let you run programs independent of the rest of the system – in effect, protecting the users against themselves.
  • Take away local administrative rights.
  • Remove access to personal email accounts on company desktops and laptops.
  • Create group policies to restrict launching of specific paths, to thwart malware from executing.
  • Implement protection on mobile devices.
  • Promote user training and awareness. Companies often have Internet use policies in place, but it can’t hurt to remind people how to use technology safely.
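
One way to dry-run the path-restriction item from the list above before enforcing it, as an added example that is not part of the original article. The rule patterns, the `ApprovedApp` exception, the sample launch records and the simplified wildcard matching are all assumptions, not the Windows policy engine.

```python
import fnmatch
import ntpath
from collections import Counter

# Hypothetical deny patterns for user-writable folders (assumed, not from the article).
# Simplified matching: '*' also spans sub-folders, unlike some real policy engines.
DENY_RULES = [
    r"c:\users\*\appdata\local\temp\*.exe",
    r"c:\users\*\appdata\roaming\*.exe",
    r"c:\users\*\downloads\*.exe",
]
# Hypothetical exception for an approved per-user application. Any exception inside
# a user-writable folder weakens the rule, so keep this list short.
ALLOW_EXCEPTIONS = [r"c:\users\*\appdata\roaming\approvedapp\*.exe"]

def normalize(path):
    """Collapse '..', unify slashes and case so rules cannot be sidestepped by spelling."""
    return ntpath.normpath(path).lower()

def would_block(path):
    p = normalize(path)
    if any(fnmatch.fnmatchcase(p, rule) for rule in ALLOW_EXCEPTIONS):
        return False
    return any(fnmatch.fnmatchcase(p, rule) for rule in DENY_RULES)

def audit(launches):
    """Count, per normalized path, the launches the rules would have blocked."""
    return Counter(normalize(path) for _user, path in launches if would_block(path))

# Constructed sample of process launches (user, image path); not real log data.
SAMPLE_LAUNCHES = [
    ("alice", r"C:\Program Files\Office\winword.exe"),
    ("alice", r"C:\Users\alice\AppData\Local\Temp\invoice.exe"),
    ("bob", "C:/Users/bob/Downloads/setup.EXE"),
    ("carol", r"C:\Users\carol\AppData\Roaming\ApprovedApp\app.exe"),
    ("carol", r"C:\Users\carol\AppData\Roaming\ApprovedApp\..\updater.exe"),
    ("dave", r"C:\Users\dave\AppData\Roaming\Tool\helper.exe"),
    ("dave", r"C:\Users\dave\AppData\Roaming\Tool\helper.exe"),
]

if __name__ == "__main__":
    for path, count in audit(SAMPLE_LAUNCHES).most_common():
        print(f"{count:3d}  {path}")
```

Any legitimate software that shows up in the output is a candidate for relocation to a protected folder before the policy is switched to enforcement.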

 

Each firm is different, with varying budgets and IT resources, but hopefully this article provides some food for thought as you evaluate the potential impact of malware and build a solid defense against it at your firm.

 

Feel free to contact Innovative Computing Systems for any questions and concerns.
