By now you have heard of ransomware, where cyberattackers can hold your data, software, devices and entire systems captive until you pay a ransom to get them back.<\/p>\n\n\n\n
It\u2019s part of the ever-expanding cyberthreat landscape. If you meet the attackers\u2019 demands, there\u2019s no guarantee you will get your data back uncorrupted \u2014 or at all.<\/p>\n\n\n\n
Every year, the number of cyberattacks rises and their increasing intensity has governments and industries alike concerned. It is important now more than ever for businesses to understand both the reality and ramifications of these occurrences. Organizations need to begin addressing the magnitude of this threat and make cyber-hygiene an integral part of any business success.<\/p>\n\n\n\n
I\u2019ve spoken with a number of our region\u2019s experts to help explain ransomware, what you can do to prevent it and how to behave if you are hit. The digital era requires that we take the time and effort to instill practices that are proactive, reactive, strategic and tactical, including cultural practices, policies and procedures combined in our daily logistics around data security and privacy. It also is smart to engage law enforcement.<\/p>\n\n\n\n
We live in a data-centric world where as soon as we gather information, we disseminate it. The proliferation of data offers tremendous advantages as far as timeliness and efficiency, yet the flipside is security and corporate responsibility.<\/p>\n\n\n\n
Proactive steps are the best lines of defense in preventing a hack. These include backups, disaster recovery and IT audits.<\/p>\n\n\n\n
Ryan Moisio, senior cloud engineer for BlueBridge Networks<\/a>, cautioned that backups and disaster recovery are often overlooked until you are under attack.<\/p>\n\n\n\n \u201cThe maintenance, testing and real-time continuity of your backup routines and systems could likely be the saving grace for a company\u2019s infrastructure in the event of a ransomware attack,\u201d he said. \u201cThis includes having a solid disaster recovery plan detailing actions of all internal technology staff and partners, and testing\/simulating a recovery event periodically.\u201d<\/p>\n\n\n\n Because most next-generation malware is distributed through email phishing and spam attacks, Moisio suggested the first lines of defense to protect your network include secure email gateways with advanced spam monitoring, URL checking and attachment scanning.<\/p>\n\n\n\n \u201cThis also holds true for scanning of your company\u2019s internet traffic via (IDPS) intrusion detection\/protection systems or a web filter that checks against known malicious IPs or domains,\u201d he said.<\/p>\n\n\n\n These tools are helpful for protecting a system from exploitation. But when these tools are installed across networks, a critical step can often be missed, said Dale Dresch, director of information technology at Maloney + Novotny<\/a>.<\/p>\n\n\n\n An IT audit is one of the most effective ways to ensure best practices are in place and function as effectively as possible, he said.<\/p>\n\n\n\n \u201cAn IT audit can provide important and valuable insight into IT environments,\u201d Dresch said. \u201cIt can provide some assurance that the technologies you use conform to best practices and match the level of security that your business needs. The most effective way to protect against ransomware is to implement fundamental best practices. This includes employee education, regular backups, restricted administrative access, and patching and updating software.<\/p>\n\n\n\n \u201cWhether you use an external third party or an internal audit function, an IT audit will help reduce your organization\u2019s risk and enhance communication between your organization\u2019s leadership and IT department.\u201d<\/p>\n\n\n\n The best defense, though, remains training of the end user, Moisio said. \u201cI can\u2019t stress the importance of user education enough when it comes to the topic of ransomware,\u201d he said. \u201cAs this type of malicious software evolves, knowing what to look for at the user level becomes imperative. Training sessions, weekly updates, phishing simulations \u2014 all necessary tools in the fight to combat these types of attacks.\u201d<\/p>\n\n\n\n Tim M. Opsitnick, executive vice president and general counsel of TCDI<\/a>, views user training as essential for strengthening a company\u2019s \u201chuman firewall.\u201d Security awareness training is the best way to combat ransomware, he said, and should be done periodically starting with the onboarding process for new hires.<\/p>\n\n\n\n Hackers, though, have upped their game and phishing emails are not as obvious as they once were, making the \u201chuman firewall\u201d more vulnerable.<\/p>\n\n\n\n \u201cDespite continued warnings, many employees continue to click on phishing emails which are the primary source of ransomware,\u201d Opsitnick noted. \u201cOne reason that the number is so high is that phishing emails are not as painfully obvious as they once were, and hackers have become adept at creating a sense of urgency.<\/p>\n\n\n\n \u201cDo not be the person who infects an entire company. If you are not certain, do not open an unknown email message or click on the attachment to a message.\u201d<\/p>\n\n\n\n If hackers do manage to infect your network, it\u2019s important to get advice from legal counsel with experience handling ransomware and other data- and privacy-breach events so you can understand your obligations and rights under the law, said Michael Stovsky, partner and chair of the innovations, information technology and intellectual property practice group at Benesch<\/a>.<\/p>\n\n\n\n First, Stovsky said, \u201cCompanies need to quickly determine if the ransomware attack is simply a lockdown of systems and devices by the hacker in an attempt to extort funds from the party attacked (a \u2018pure\u2019 ransomware event) or whether the hacker has gained unauthorized access to or misappropriated personally identifiable information (or will do so if the ransom is not paid).\u201d<\/p>\n\n\n\n Typically, a hacker in a pure ransomware attack treats it like a business transaction: In exchange for a fee (usually payable in bitcoin or some other cryptocurrency), the hacker provides the decryption keys necessary to unlock the locker systems or devices. \u201cIn some cases, ransomware attacks are coupled with data breaches, which could trigger additional legal obligations for the party suffering the hack,\u201d he noted.<\/p>\n\n\n\n In a pure hack scenario, it comes down to a business decision as to whether to pay the extortion payment or not.<\/p>\n\n\n\n When the ransomware attack is coupled with unauthorized access to or misappropriation of personally identifiable information, he Stovsky said, \u201ca wide range of legal obligations may be triggered under U.S. federal and state law, and potentially international law, including data-breach disclosure obligations.\u201d That\u2019s why involving counsel is so important, he added.<\/p>\n\n\n\n If you\u2019ve been hacked, the next step after evaluating how your systems were affected and working with legal counsel to evaluate the legal implications is to work with your public relations firm to communicate to employees and customers what happened, how they might be affected and what you are doing to address the issue, said Ari Lewis, co-founder and partner at Green Block Group<\/a>.<\/p>\n\n\n\n \u201cYou don\u2019t want your customers or employees to hear that an attack occurred from a media outlet rather than the company itself,\u201d Lewis said. \u201cThe unfortunate reality is that no matter how well you prepare, your company is at risk of getting hacked. It\u2019s important that you have a PR firm on retainer that helps you tell the community what happened, who did it and how you are responding.\u201d<\/p>\n\n\n\n Ransomware is catching victims off guard. Since the loss sustained is not just monetary but can be reputational, be proactive.<\/p>\n\n\n\nTraining<\/h3>\n\n\n\n
Legal issues<\/h3>\n\n\n\n
Communication<\/h3>\n\n\n\n