<img src="https://tags.srv.stackadapt.com/rt?sid=lX5TOPixR5KulOF6nylJTQ" width="1" height="1">
Skip to the main content.
← Blog Home

2 min read

Rethinking Your Backup Strategy in Light of Ransomware Threats

Rethinking Your Backup Strategy in Light of Ransomware Threats

Ransomware is one of the most disruptive cyber threats facing solo and small‑firm lawyers. Should your network become infected, your data will be encrypted and thus inaccessible unless you pay for a decryption key, which may or may not work.

Whether you pay or not (and reputable cybersecurity professionals strongly advise against paying), you will need a qualified cybersecurity specialist to attempt recovery. Just know that even with their help a full restoration is far from guaranteed.

How Ransomware Gets In

Most ransomware infections still begin with social engineering, and with the rise of Gen AI, the attacks have become far more sophisticated and harder to detect. Common entry points include:

  • Malicious email attachments disguised as invoices, court filings, or client documents
  • Links to fake Microsoft 365 or DocuSign login pages
  • Fake calls from “IT support”
  • Exploiting unpatched vulnerabilities in operating systems, applications, or devices
  • Credential theft through phishing or MFA‑fatigue attacks (Repeated MFA prompts that can overwhelm the recipient)

Once activated, modern ransomware can:

  • Spread laterally across your entire network
  • Encrypt local and cloud‑synced files
  • Destroy restore points and shadow copies
  • Corrupt or encrypt connected backup drives
  • Delay execution for days or weeks to ensure it infects your backups
  • Exfiltrate data before encryption (double‑extortion attacks)

This is why recovery is so difficult and why a resilient backup strategy is essential.

Best Practice Recommendation

Cybersecurity professionals now recommend following a 3‑2‑1‑1 rule, which means you should:

  • Create 3 copies of your data
  • Using 2 different types of storage media
  • With 1 copy stored off‑site
  • And 1 copy stored as an immutable backup (cannot be altered, deleted, or encrypted for a defined retention period)

Why Immutable Backups Matter

Immutable backups, offered by many modern cloud providers, prevent ransomware from modifying or encrypting stored data. Even if your network is compromised, the immutable copy remains clean.

A Practical Backup Option for Solo and Small Firms

A common and effective setup includes:

  • A Local backup on an external hard drive or NAS (Network-Attached Storage) device
  • And a Cloud backup with versioning and immutability enabled

This gives you:

  • A fast local restore option if your internet is down
  • A clean off‑site copy if ransomware hits your network
  • Multiple historical versions in case the most recent backups are infected

Critical Notes for Local Backups

1. Always disconnect external drives after completing the backup process because ransomware can map and encrypt any connected drive.

2. Encrypt local backup drives in case they are lost or stolen.

Cloud Backup Considerations for Law Firms

Not all cloud backup providers are equal. Look for:

1. Immutable Backup Options - This is now a must-have.

2. Versioning and Long-Term Retention - Because ransomware can delay execution, you need multiple historical versions, ideally from 30 to 180 days.

3. User-Controlled Encryption Keys - This ensures only you (not the vendor) can access your data.

Why Backups Alone Are Not Enough

Even with a strong backup strategy, recovery is never guaranteed. Some attacks now include data theft and threats to make the data public and/or sell it. Because of this, ongoing staff training is just as important as technical defenses.

Mandatory Social Engineering Awareness Training for All Firm Personnel

Every employee, staff and attorneys alike, should receive regular, mandatory training on:

  • Phishing and social engineering
  • MFA fatigue attacks
  • Malicious attachments and links
  • Spoofed emails from courts, clients, or opposing counsel
  • Safe handling of client data
  • Password hygiene and MFA best practices

Training should include real-world examples, not generic warnings. High-quality training providers include companies such as KnowBe4, which specialize in phishing simulations and social engineering awareness programs.

Final Takeaway

A ransomware attack can cripple a solo or small law firm. While no backup strategy guarantees full recovery, a 3‑2‑1‑1 approach, combined with ongoing staff training, dramatically improves your odds of surviving an attack with minimal data loss and downtime.

printfriendly-pdf-button-nobg-md-Nov-01-2022-08-44-54-4335-PM

 

How to Secure Your Smartphone

3 min read

How to Secure Your Smartphone

Smartphones can be a significant cybersecurity risk, in part because many owners take a lackadaisical view when it comes to properly securing them...

Read More
How to Avoid Getting Hooked by Phishing

4 min read

How to Avoid Getting Hooked by Phishing

This blog post is in partnership with LMG Security. With professional hackers and cybersecurity criminals posing a constant threat to law firms...

Read More
Great Law Firm Cybersecurity Without Breaking the Bank

1 min read

Great Law Firm Cybersecurity Without Breaking the Bank

Has Your New Year’s Resolution to Up Your Cybersecurity Game Turned to Dust? Don’t let that happen! There’s plenty of time in 2024 to address your...

Read More