Skip to Main Content
Services Talent Knowledge
Site Search


January 14, 2022

Kevin Szczepanski and Nick DiCesare Featured in Buffalo Business First Article on Ransomware Attack Preparedness

Kevin Szczepanski and Nick DiCesare, Cybersecurity Team co-leaders, were featured in the Buffalo Business First article “Attorneys Warn That All Companies Should Be Prepared for a Ransomware Attack” about the recent cyberattack on Kronos, a workforce management company, which seriously affected payroll systems. The article is part of Buffalo Business First’s Business of Law: Tech & Data Privacy series. 

Ransomware attacks use malware to encrypt files, denying a user or organization access to information until a ransom is paid. 

Kevin provided background on why companies shouldn’t pay ransoms to restore access to their data, noting four key reasons: 1) bad actors will target a business they know has previously paid a ransom, 2) paying the ransom doesn’t guarantee the bad actor will return the business’s data, 3) if the data is returned, there’s no guarantee that all the data will be returned, and 4) paying a ransom creates a moral hazard. “When you subsidize bad behavior, you tend to get more of it,” Kevin said.

Nick highlighted the fact that bad actors often infiltrate a company’s system without being detected, gradually finding where information is backed up before launching their attack. “They get into your system someway, and then they spread out without your business knowing,” he said. “They try to get into your backups, so when they launch the ransomware and shut down the system, they have the backups too.”

To be prepared for a ransomware attack, Kevin recommended that companies implement and enforce measures such as training, policies, and procedures. “You want to make sure your employees are trained on best practices so they can identify a social engineering scam, a malicious email, or another attempt to breach an organization’s system,” he said. 

An effective way businesses can prevent cyberattacks is prohibiting employees from using their work email account for personal use (e.g., subscription services). Nick said, “It can really help employees identify if something is fishy, because they’re not expecting those things coming to their work email.”

Creating an incident response team is an effective way to prepare for a cyberattack. If an attack takes place, the team will know who to contact and what the next steps are. “The more you can do in advance to prepare, the better able you are to reduce the risk and the more efficient your response will be,” Nick said.  

If you’re a Buffalo Business First subscriber, you can read the full article here.

Featured Media


The New York FY 2025 Budget – CDPAP FIs Under Threat


Website Accessibility Lawsuits: Several "Tester" Plaintiffs—Anderson, Beauchamp, Murray, Angeles, Monegro, and Bullock—Targeting Businesses in Recent Flurry of Lawsuits


Updated Bulletin on Tracking Technologies in the Health Care Industry


NYS Board of Regents Adopts Regulations on the Mental Health Diagnostic Privilege


First Department Clarifies Pleading Requirements Under NYS Child Victims Act


Beneficial Ownership Reporting Requirements Under the CTA: Quarterly Reminder

We're Growing in DC!

We’re excited to announce Barclay Damon’s combination with Washington DC–based Shapiro, Lifschitz & Schram. SLS’s 10 lawyers, three paralegals, and four administrative staff will join Barclay Damon while maintaining their current office in DC’s central business district. Our clients will benefit from SLS’s corporate, real estate, finance, and construction litigation experience and national energy-industry profile, and their clients from our full range of services.

Read More

This site uses cookies to give you the best experience possible on our site and in some cases direct advertisements to you based upon your use of our site.

By clicking [I agree], you are agreeing to our use of cookies. For information on what cookies we use and how to manage our use of cookies, please visit our Privacy Statement.

I AgreeOpt-Out