Window to the Law: Protecting Your Business from Ransomware
According to some cybersecurity experts there were two pandemics last year, one was COVID-19 and the other was cyberfraud. With organizations operating more through remote systems, cybercriminals have tried to exploit vulnerabilities and engaged in ransomware attacks in records numbers.
The FBI Internet Crime Complaint Center reported that in 2020 alone, there were more than 790,000 complaints about cybercrime which equaled a total loss of $4.2 billion dollars. Ransomware was a major reason for this record setting year and it’s not a surprise that it has been declared the fastest growing cybersecurity threat. In fact on July 15, the White House established a ransomware taskforce just two months after issuing an executive order declaring cybersecurity a national priority. In this Window to the Law, I will explain how ransomware works and what cybersecurity measures you can use to protect your businesses from an attack.
Put simply, ransomware is a form of malicious software that hackers try to install by infiltrating a third-party system through unpatched equipment, phishing schemes or by using stolen access credentials. Once the ransomware is installed, it either locks you out of your system or encrypts your data, making it inaccessible. You will not be able to regain access until you receive a decryption key from the hackers, who will demand a ransom payment and often will exert pressure by threatening to sell or leak your sensitive information.
Here are six cybersecurity measures that should be implemented to protect against an attack.
First, train staff to know how to spot red flags, including to be suspicious and to think before they click on unknown or unexpected links or attachments.
Second, follow cybersecurity best practices, such as routinely patching and updating software and equipment, using multifactor authentication, using email notices to distinguish external conversations, and requiring employees to update their passwords regularly.
Third, be sure to backup data and files regularly. Follow the 3-2-1 backup strategy so you have 3 copies of your data, 2 different formats of copy, such as disk and tape, and at least 1 copy of the backups stored off-site. This ensures you can quickly restore your operations, and make you less vulnerable to ransom demands by cybercriminals.
Fourth, know which vendors have access to your network and files, and be sure to cut off their access as soon as it is no longer necessary. Also, review and negotiate your contracts with them so they’re required to practice cybersecurity that meets or exceeds your standards and that their services are in accordance with industry standards and applicable laws. This will also ensure you have legal resource in the event of any breach.
The fifth protective measure is to be sure you have a cyber incident response plan to allow for the effective management of what can be an intense and chaotic situation. The plan should establish an incident response team that specifies each individual’s role, and it should include your IT expert and legal counsel to protect your cyber and legal interests.
Lastly, make sure you have cyber insurance coverage. Speak to your insurance broker to determine whether your coverage amounts are sufficient based on potential risks. Remember that there is no silver bullet or magic pill to combat ransomware. The key is to be proactive and diligent.