The Globe and Mail reported on April 6 2011 that four top law firms had fallen victim to cyber attacks originating from China: Major law firms fall victim to cyber attacks
The attacks were aimed at stealing sensitive data related to high value mergers and acquisition transactions. Hackers used email to pose as a partner working on the deal, and were able to embed attachments that contained malware, successfully infecting dozens of computers and comprising several sensitive documents. To defend against this growing threat, many firms have chosen to take measures such as storing documents in secure third party facilities, and are realizing the benefits of secure online file sharing, known as cloud computing.
Sophisticated cloud computing solutions limit the opportunity for hackers or infected users to penetrate security layers and access confidential data. Authorized end-users can view, upload, and change documents, but they are not able to run programs on the server – making malware based attacks impossible.
Moving to cloud based solutions will provide the highest level of security against these security threats. For firms who maintain their own data in-house, there are five ways to minimize exposure to malware attacks:
Top five ways to avoid malware attacks
- Provide employees with training on avoiding malware attacks through email
- Limit the number of employees who have a direct connection to any servers where confidential data is stored.
- Run malware software on all incoming and outgoing emails, ensure it is subscription based and up to date on the latest threats.
- Routinely review the network for evidence of a security breach at multiple levels: hardware, operating systems, and third party software.
- Maintain redundant back-up servers with additional security and further isolation from production servers.
Targeted cyber attacks on businesses are growing in sophistication and are becoming increasingly common. To avoid the severe consequences of stolen documents falling into the wrong hands, businesses must develop ever vigilant in-house IT security resources, or secure their data with third party solution providers that can guarantee up-to-date protection.