Many of our clients have heightened concern about the Colonial pipeline attack, raising awareness to the risk of ransomware on small businesses. Roark Tech Services specializes in data breach prevention, including ransomware attacks. We are well-versed in the help companies need to prepare for such attacks and mitigate exposure. Our recommendations to remain protected from the risks like that experienced by Colonial are below.
Cyber insurance can't protect your organization from cybercrime, but it can keep your business on stable financial footing should a significant security event occur. Technology, social media and Internet transactions are key to how most organizations conduct business today and reach prospective customers. These channels also serve as gateways for cyberattacks. No matter the type of bad actor -- typical brute-force hacker, organized criminals, insiders or nation states -- cyberattacks are on the rise and small businesses are prime targets. The damage can range from moderate to severe for companies large and small. As part of a risk management plan, small businesses must decide the risks to avoid, accept, control or transfer. Transferring risk is where cyber insurance comes into play. Talk to your insurance agent. Review and evaluate your cyber insurance coverage to help identify if it could help you if a ransomware attack should occur.
Incident Response plan
First, an Incident response plan outlines and defines what a cyber incident is. This may seem rudimentary, but agreement on the definition of cyber incident allows all necessary parties to act appropriately when an incident occurs. It allows everyone to understand their position and execute their responsibilities.
Once the various incidents are defined, such as a ransomware attack, a successful Phishing campaign or a breach of internal systems, the organization can prepare the tools that will help manage the incident, take the steps necessary to address a security incident and ensure required investigation and communication is conducted once the incident is addressed. It also prepares the organization to notify clients and customers, as required by law in most states. If you have an incident response plan, review it, evaluate it and/or revise it to find (and fix) any gaps. If your organization does not have an Incident Response Plan, act now to fix the roof while the sun is shining.
Written Information Security Plan (WISP)
Also known as a WISP, a Written Information Security Plan details policies and procedures that ensure confidential data is protected, the way your organization protects data and who is ensuring it is protected. A WISP includes both administrative and technical safeguards that your organization has in place. Anyone or any company that has access to client or employee information must make sure that they implement the proper level of both administrative and technology safeguards.
If ever audited by the State or a client, a WISP proves your organization’s thoughtful care surrounding the protection of data. If you have an WISP in place review it, evaluate it and find (and fix) any gaps. If your organization does not have a WISP, contact Roark Tech Services for immediate action to create a WISP for your organization.
Ransomware Response Protocol
Ransomware is a type of malicious software cyber actors use to deny access to systems or data. The malicious cyber actor holds systems or data hostage until the ransom is paid. After the first infection, the ransomware tries to spread to shared storage drives and other accessible systems. If the demands are not met, the system or encrypted data stays unavailable, or data may be deleted. A commitment to cyber hygiene and best practices is critical to protecting your networks. These are the best practices to help prevent ransomware attacks:
Backups: Is all critical information backed up? Are the backups stored offline? When was the last test of ability to revert to backups during an incident?
Risk Analysis: Has your organization conducted a cybersecurity risk analysis?
Staff Training: Are staff trained staff on cybersecurity awareness and best practices?
Vulnerability Patching: Does your organization routinely implement proper patching of known system vulnerabilities on computers, servers and mobile devices?
Application Whitelisting: Des your organization allow only approved programs to run on your networks?
Business Continuity: Is your organization able to sustain business operations without access to certain systems? For how long?
Penetration Testing: Has your organization tried to hack into your own systems to test the security of systems and ability to defend against attacks?
A Tabletop exercise is a meeting of the proper personnel that are appointed to play a part in a simulated emergency. Members of the right teams review and discuss the actions they will take in a particular emergency, which tests their emergency plan in an informal, low-stress environment. A tabletop exercise is used to clarify roles and responsibilities and to show an organization’s mitigation and preparedness needs. The exercise should result in action plans for continued improvement of the emergency plan. A small business should conduct a tabletop exercise at least once a year to help understand and create a strategy surrounding a possible company-wide ransomware attack or cyber security incident.
Our team of experts are always available to consult with you and ensure the right choice for your unique business. Contact us.