In Part 1 of our series on ransomware, we discussed the increasing threat this insidious form of malware poses to businesses. In this second and final installment, we offer strategies for protecting your company.
Mitigating the Risks of Ransomware
New strains of ransomware are emerging at an alarming rate, and attackers are using new ploys to extort payment. All industries are affected, with services, manufacturing, finance, insurance, real estate and public administration organizations being targeted the most.
Promote employee awareness
Human behavior is the weak link that makes companies vulnerable to a ransomware attack. Employees can unknowingly unleash ransomware on a company’s systems simply by clicking a link or opening an attachment in a phishing email.
Because a ransomware incident can be costly and can severely harm operations, customer relationships, brand image and reputation, employee awareness should be a top priority in a company’s defense strategy. Some steps to promote greater awareness include:
- Initiate training and communications about ransomware to educate employees on how it can infiltrate a company’s systems.
- Reinforce best practices such as not opening unfamiliar attachments, remaining alert to suspicious emails, and not visiting social media or other non-work websites from company computers or devices.
- Send test phishing emails to see if employees will open them and the attachments. The Verizon 2016 Data Breach Investigations Report noted 30% of recipients opened the test emails and 12% clicked on the attachment.1 After conducting a phishing test, share the results to improve employee responsiveness and awareness.
- Communicate to employees how to report suspicious emails with the company’s IT security group.
Craft a comprehensive plan
With ransomware incidents increasing sharply, it is more important than ever for businesses to protect their networks and critical data. To mitigate risks, companies should consider taking the following steps:
- Develop technology back-up plans. Security experts advise having a detailed plan for backing up critical data and systems, and perhaps having parallel systems available in a cloud environment. Keep at least one copy of the backups offline or otherwise unreachable from the production network, because ransomware routinely encrypts or deletes any backups it can reach. Back-up plans enable faster recovery and can protect against loss of critical files and data.
- Test the back-up plan regularly by actually restoring systems and data from the backups, and time the process, so you know how long recovery takes and can shorten the business interruption.
- Deploy layered security controls as part of the company’s overall protection plan against any kind of malware: email filtering, endpoint protection, intrusion detection systems, and firewall rules that separate network segments so an infection on one machine cannot spread freely.
- Use a web proxy or content-filtering service to limit and control which categories of websites employees can reach from their work computers or devices.
- Form a multi-disciplinary committee to develop a ransomware response plan with representatives from IT, operations, legal, security, marketing and public relations. Share the response plan with senior executives and the board.
- Be prepared to respond quickly. Systems staff will disconnect infected machines from the network to contain the attack and then initiate back-up plans. They will assess the damage, rebuild the systems environment on clean hosts, and restore data and business functions as quickly as possible. Other departments will play their roles in executing the response plan.
- Notify local law enforcement and the FBI if your company is attacked. They can advise your company, and they also track attacks to build profiles on cybercriminals as they work to shut them down.
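The back-up and restore-test steps above, as an added example that is not part of the original article: a small Python restore drill that snapshots a directory with a SHA-256 manifest, overwrites the live copy the way crypto-ransomware does, restores from the snapshot and verifies every file against the manifest, timing the restore. The directory layout, file contents and the ".locked" rename are constructed for this example and stand in for real data and real ransomware behaviour.

```python
"""Backup restore drill: snapshot a directory with a SHA-256 manifest,
overwrite the live copy the way crypto-ransomware does, restore from the
snapshot and verify every file against the manifest. The directory layout
and file contents below are constructed for this example."""
import hashlib
import json
import os
import shutil
import tarfile
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file under root (relative path) to its SHA-256."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def backup(src: Path, dest_dir: Path) -> Path:
    """Write src to dest_dir/backup.tar.gz plus manifest.json; return the archive.
    Assumption: dest_dir is on storage the production hosts cannot write to,
    otherwise the ransomware encrypts the backup along with everything else."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    manifest = build_manifest(src)
    archive = dest_dir / "backup.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(src / rel, arcname=rel)
    (dest_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return archive


def verify(manifest_path: Path, target: Path) -> dict:
    """Compare target against the manifest; list missing, corrupted and extra files."""
    expected = json.loads(manifest_path.read_text())
    actual = build_manifest(target)
    missing = sorted(set(expected) - set(actual))
    corrupted = sorted(k for k in expected if k in actual and actual[k] != expected[k])
    extra = sorted(set(actual) - set(expected))
    return {"ok": not (missing or corrupted or extra), "files": len(expected),
            "missing": missing, "corrupted": corrupted, "extra": extra}


def restore(archive: Path, target: Path) -> float:
    """Wipe target and unpack the archive into it; return elapsed seconds.
    In a real drill the target is a freshly rebuilt host, never the infected one."""
    start = time.perf_counter()
    if target.exists():
        shutil.rmtree(target)
    target.mkdir(parents=True)
    with tarfile.open(archive, "r:gz") as tar:
        # Use the safe extraction filter where this Python version provides it.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(target, **kwargs)
    return round(time.perf_counter() - start, 3)


def simulate_ransomware(live: Path) -> int:
    """Overwrite each file with random bytes and rename it; return the count hit."""
    hit = 0
    for p in [p for p in live.rglob("*") if p.is_file()]:
        p.write_bytes(os.urandom(max(p.stat().st_size, 1)))
        p.rename(p.with_name(p.name + ".locked"))
        hit += 1
    return hit


def run_drill() -> dict:
    """End-to-end drill on constructed sample data inside a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        live, backups = tmp / "live", tmp / "backups"
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("date,amount\n2016-05-01,1200\n")
        (live / "contracts.txt").write_text("Master services agreement v3\n")

        archive = backup(live, backups)
        manifest = backups / "manifest.json"

        files_hit = simulate_ransomware(live)
        damage = verify(manifest, live)          # every original is now missing
        seconds = restore(archive, live)
        after_restore = verify(manifest, live)   # should match the manifest exactly

        # A drill should also prove that a bad restore is noticed, not just a good one.
        (live / "contracts.txt").write_text("tampered\n")
        tamper_check = verify(manifest, live)

        return {"files_hit": files_hit, "damage": damage, "seconds": seconds,
                "restore": after_restore, "tamper_check": tamper_check,
                "recovered_ledger": (live / "finance" / "ledger.csv").read_text()}


if __name__ == "__main__":
    print(json.dumps(run_drill(), indent=2))
```

The point of the drill is the manifest: a restore that "finishes" is not the same as a restore that brought back every file unchanged, and the elapsed time is the number the business-interruption estimate should be built on. Run it against a copy of real data and real backup storage on a schedule, and treat any missing or corrupted entry as a failed test of the back-up plan.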
1. Verizon, 2016 Data Breach Investigations Report, p. 18. The report is available for download at: http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/