The data you leave behind is useless to your firm – but it’s valuable for someone to exploit
Your firm has done it. You’ve completed the process of selecting a modern cloud content solution to replace your old on-premise product. You’ve gone through design, testing and implementation and your firm is live and in the cloud with improved security. However, in the background there’s still a significant vulnerability lurking. The data that was migrated to the new system still remains on the old system, waiting to be exploited.
Many attorneys assume that records should be kept forever. However, in this case, the data left behind no longer has any value, it only holds risk. Furthermore, the data you’re saving is costly to keep, and your clients likely don’t want you saving their sensitive information once the engagement is complete.
What’s the risk?
Historically, the primary threat to data involved malicious actors encrypting data and demanding payment to recover it, but that has changed in recent years. Now, the dual ransom model is more common. Prior to encryption, attackers will explore the network and find large amounts of sensitive data to exfiltrate before encrypting it.
In addition to the demand for the key to unencrypt the data, attackers often threaten to release the data publicly if the ransom is not promptly paid. From the breach of the Washington DC police department, where ransomware attackers threatened to release the names of confidential informants and personal details of officers, to the recent Colonial Pipeline attack, dual ransom is becoming more prevalent. Simple exfiltrate and extort-style attacks are also doubling year-over-year according to the 2021 annual Sophos State of Ransomware survey.
Law firms can be used as a jumping off point to attack their clients’ networks in search of more information to hold hostage. Even if you pay the ransom, there’s no guarantee attackers will release the data.
Although we recommend law firms transition to the cloud, data migration can create vulnerabilities when data is left behind post-transition. Here is how you can prevent that data from being stolen:
Delete it: The best way to ensure no data is stolen and exposed is to permanently delete it. Remove data from its previous location once it is migrated to avoid possible exploitation. Firms can’t be extorted for data that no longer exists. To ensure data is deleted, deeply audit your infrastructure, in many cases, there is significant duplication of a firms data due to historic environment upgrades.
Encrypt it: If you must keep the data, the second-best defense next to permanent deletion is encryption. Encrypt the data and move it offline to secure devices that aren’t connected to the firm’s network.
Execute a layered defense: A firm’s defenses against exploitation should always be multi-layered. While firms may be confident in their strategies to prevent intrusion, malicious actors are working tirelessly to find new methods and software flaws to gain access to networks. Implement multi-factor authentication to help control access to data. Multi-factor authentication requires users to provide two or more credentials. This layered defense is much stronger than a traditional, single password.
The LOGICFORCE Difference
LOGICFORCE’s expert team helps firms achieve successful data migrations while safeguarding data. Our New Style Legal IT®️ offering is designed specifically for law firms to ensure they can move their firm completely to the cloud and ensuring all software, systems, and solutions are fully integrated into their IT environment.
Andrew Roy is a solutions architect at LOGICFORCE. He is certified and experienced with an array of major cloud platforms and migration tooling.