Window to the Law: Protecting Your Business from a Ransomware Attack

Window to the Law: Protecting Your Business from a Ransomware Attack

Oct 20, 2021
Light Theme Light Dark Theme Dark


As more businesses operate through remote systems, cybercriminals are exploiting vulnerabilities and engaging in ransomware attacks in records numbers. Learn how ransomware works and what cybersecurity measures you can use to protect your business from an attack.

Window to the Law: Protecting Your Business from a Ransomware Attack - Transcript

Hi, my name is Charlie Lee and I’m Senior Counsel and Director of Legal Affairs for NAR. 

According to some cybersecurity experts there were two pandemics last year, one was COVID-19 and the other was cyberfraud.  With organizations operating more through remote systems, cybercriminals have tried to exploit vulnerabilities and engaged in ransomware attacks in records numbers.  The FBI Internet Crime Complaint Center reported that in 2020 alone, there were more than 790,000 complaints about cybercrime which equaled a total loss of $4.2 billion dollars.  Ransomware was a major reason for this record setting year and it’s not a surprise that it has been declared the fastest growing cybersecurity threat.  In fact on July 15, the White House established a ransomware taskforce just two months after issuing an executive order declaring cybersecurity a national priority.  In this Window to the Law, I will explain how ransomware works and what cybersecurity measures you can use to protect your businesses from an attack.

Put simply, ransomware is a form of malicious software that hackers try to install by infiltrating a third-party system through unpatched equipment, phishing schemes or by using stolen access credentials.  Once the ransomware is installed, it either locks you out of your system or encrypts your data, making it inaccessible.  You will not be able to regain access until you receive a decryption key from the hackers, who will demand a ransom payment and often will exert pressure by threatening to sell or leak your sensitive information. 

Here are six cybersecurity measures that should be implemented to protect against an attack.

First, train staff to know how to spot red flags, including to be suspicious and to think before they click on unknown or unexpected links or attachments.

Second, follow cybersecurity best practices, such as routinely patching and updating software and equipment, using multifactor authentication, using email notices to distinguish external conversations, and requiring employees to update their passwords regularly. 

Third, be sure to backup data and files regularly.  Follow the 3-2-1 backup strategy so you have 3 copies of your data, 2 different formats of copy, such as disk and tape, and at least 1 copy of the backups stored off-site.  This ensures you can quickly restore your operations, and make you less vulnerable to ransom demands by cybercriminals.

Fourth, know which vendors have access to your network and files, and be sure to cut off their access as soon as it is no longer necessary.  Also, review and negotiate your contracts with them so they’re required to practice cybersecurity that meets or exceeds your standards and that their services are in accordance with industry standards and applicable laws.  This will also ensure you have legal resource in the event of any breach. 

The fifth protective measure is to be sure you have a cyber incident response plan to allow for the effective management of what can be an intense and chaotic situation.  The plan should establish an incident response team that specifies each individual’s role, and it should include your IT expert and legal counsel to protect your cyber and legal interests.

Lastly, make sure you have cyber insurance coverage.  Speak to your insurance broker to determine whether your coverage amounts are sufficient based on potential risks. Remember that there is no silver bullet or magic pill to combat ransomware.  The key is to be proactive and diligent. 

Thank you for watching this episode of Window to the Law.

Additional Resources

Data Privacy & Security

REALTORS® strongly support efforts to protect consumers' sensitive personal information.

Gone Phishing
August 3, 2021

REALTOR® associations & MLSs are among cyber criminals’ latest targets. Look for red flags & take action to protect your association from cybercrime.
Window to the Law is a monthly video series that provides valuable risk management tips and information to help real estate professionals navigate legal issues facing the real estate industry.
From the advocacy efforts to technology advances and updates on commercial industry trends, the topics in this series all relate to what’s happening in commercial real estate now and what trends are on the horizon.
These webinars and videos are an extension of the New AE Orientation, intended to provide ongoing learning on association management resources and programs to newly appointed AEs.
NAR’s new video series elevating the conversation around the issues relevant to you and what you do. Hear how your peers are putting real estate programs into practice and making an impact in their communities and businesses.
The hunt is about so much more than the house. Home buying hiccups lead to tough decisions. Guided by the expertise of a REALTOR®, First-Time Buyer puts the real in real estate.
YouTube Play Button Icon

NAR Videos on YouTube

NAR offers additional topics online covering legislation, events, industry news and guides for both NAR members and the public. Visit NAR on YouTube

National Association of REALTORS®

25.6K subscribers

Open YouTube


1.82K subscribers

Open YouTube

REALTOR® Magazine

3.96K subscribers

Open YouTube

NAR Meetings

1.85K subscribers

Open YouTube

Realtors Property Resource® (RPR)

13.4K subscribers

Open YouTube


1.46K subscribers

Open YouTube

First-Time Buyer

3.7K subscribers

Open YouTube

That’s Who We R (playlist)

Open YouTube