As of late, ransomware has been making headlines again, most recently with the WannaCry malware. The computer code encrypts files on computers, making them inaccessible to the owners. Then, a sum of money, usually in the form of Bitcoin, is demanded by the attacker in exchange for being sent the key needed to decrypt the files.
The malware can infiltrate any type of device connected to the internet, including servers, desktop computers, laptops and smartphones. Most ransomware attacks go unreported because the victims don’t want the public, and especially their clients, to know they were vulnerable. Instead, they pay up, shut up and hope it doesn’t happen again. And that sensitivity makes law firms, with their stores of confidential information, especially juicy targets.
Adam Citron, senior cloud computing specialist at Nerdio, sat down with Inside Counsel for an exclusive interview. Citron has more than 16 years of experience in the IT industry in sales, marketing and management. At Nerdio, he puts his technical expertise and driven personality to work through his daily interactions with clients, ranging from operational staff to C-level executives.
Instead of paying out the ransom, the ideal solution is to prevent the attacks in the first place, per Citron, and that requires a multi-pronged approach to security which deals with all the various ways a hacker can gain access to systems. Today, big firms have the financial firepower and staffing manpower to create custom firewalls, virus detectors and other security tools. However, medium and small law firms simply don’t have the money or time to adequately protect themselves using traditional methods.
Fortunately, a cost-effective security solution does exist: IT-as-a-Service, or ITaaS, which gives midsize and small law firms the same power and defenses as the big boys: prevention and updates, real-time monitoring, constant backups and even disaster recovery solutions. But, because an ITaaS provider is servicing many customers at the same time, law firms can take advantage of that economy of scale, getting top-end coverage at a reasonable rate.
“Preventing spam and malware is one of the first steps, and that means effective protection that is continually updated as new threats emerge,” he explained. “ITaaS watches a firm’s emails, blocking dangerous messages before they arrive in a person’s inbox. From the client side, the updates are behind the scenes and automatic, saving time and money and allowing for desktop computers as well as servers to be scanned in real-time.”
Ransomware is on the rise because it’s such a lucrative business, according to Citron. When hackers hold an organization’s servers or data hostage or threaten to publicly release sensitive information, the victims typically have no choice but to pay up. Ransomware has become an easy way for digital extortionists to make a lot of money, just by targeting and preying on the vulnerabilities of an organization’s IT. And with stolen data also on the rise, the scope of ransomware has expanded even further.
“The general premise is that hackers use computer code to encrypt files and make them inaccessible to their owners,” he said. “The attackers then demand a sum of money–often in the form of Bitcoin–in exchange for a key to decrypt the files. Ransomware can infiltrate virtually any type of device connected to the Internet: servers, desktop computers, laptops, smartphones, you name it.”
Although ransomware seems to be making headlines these days, for every incident in the news, there are, in fact, many more attacks that go unreported. Most fly under the radar largely because the victim organizations don’t want the public–and especially their clients–to know they were vulnerable. Instead, they pay up, shut up, and hope it doesn’t happen again.
Amanda G. Ciccatelli is a Freelance Journalist for Corporate Counsel and InsideCounsel, where she covers intellectual property, legal technology, patent litigation, cybersecurity, innovation, and more.