In a previous blog post we mentioned that the only things certain in life are death, taxes, and ransomware. Ransomware attacks are growing exponentially, meaning it is only a matter of time before you and your business could fall victim to one. It is critical to have plans in place in case your business is hit by ransomware. Today we are going to talk about the procedural steps and plans your business needs in case of a ransomware attack, why these plans are essential, and how Mnemonix can assist with creating them and keeping them up to date.
Ransomware is a type of malware that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. Attackers encrypt the files on your system and hold them “hostage” until the demanded ransom is paid. With the number of ransomware attacks growing exponentially every day, it is a matter of when, not if, you will be impacted by this type of malware. It is essential to be prepared for when that day comes. To be prepared for such an attack, it is best to have downtime procedures, business continuity plans, insurance, cash flow, and viable channels of communication. We will expand on how each of these can be created and implemented in your business.
1. Downtime Procedures
While each of the following topics is equally important, “downtime procedures” is essentially an umbrella term that ties together all the processes needed to be prepared for a ransomware attack. While computers and other technologies are vital in today’s day-to-day work, it is important to be able to maintain an operational workflow without relying on technology entirely. In some cases that is not possible, which makes having your data backed up at an off-site location essential. In the event of a ransomware attack, having off-site backups fully intact will allow your business data to be recovered quickly and efficiently. If the backups were also encrypted, it is important to contact the right resources to help ensure that the recovery process will be as smooth as it can be. This includes reaching out to your IT department, authorities, and insurance companies to get the ball rolling on data recovery.
2. Business Continuity Plans
The purpose of business continuity planning (BCP) is to mitigate the interruption of critical business functions and respond quickly to restore operations. Some examples of metrics we can look at when it comes to BCP are maximum tolerable downtime (MTD), recovery point objective (RPO), recovery time objective (RTO) and work recovery time (WRT). MTD is the length of time a business’s operations can be down before the business experiences a severe adverse impact. If this threshold is exceeded, the business is at risk of never recovering. RPO is the point to which restored backups return business functionality. For example, if the latest backup is two days old, the RPO is 48 hours before the ransomware attack. Therefore, it is critical to have daily backups of your data. RTO is the time needed to clean systems of malware and restore the latest backups. Lastly, WRT is the time it takes after a backup is restored to reenter the lost information and return to full functionality. While these are examples of BCP topics to have covered and communicated throughout the leadership of a business, it is important to keep them up to date so that the metrics accurately represent what your business can currently handle.
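The metrics above can be checked against a real backup history. The following Python sketch is an added example, not part of the original post: the function names, the sample dates and the targets are constructed, and it assumes that RTO and WRT run back to back so that their sum is the outage to compare against MTD, a common convention the post does not state.

```python
from datetime import datetime, timedelta

def assess_recovery(backups, attack_time, rpo_target, rto, wrt, mtd):
    """Compare a backup history and recovery estimates against BCP targets.

    backups      -- completion times of backups known to be restorable
    attack_time  -- when the ransomware hit
    rpo_target, rto, wrt, mtd -- timedelta values from the continuity plan
    """
    usable = sorted(b for b in backups if b <= attack_time)
    if not usable:
        raise ValueError("no backup predates the attack; nothing to restore")

    # Work lost in this incident: everything since the last good backup.
    data_loss = attack_time - usable[-1]

    # Largest gap between consecutive backups: the loss if the attack had
    # landed just before the later backup of that pair ran.
    gaps = [later - earlier for earlier, later in zip(usable, usable[1:])]
    worst_gap = max(gaps + [data_loss])

    # Assumption: RTO and WRT run back to back, so their sum is the outage.
    outage = rto + wrt
    return {
        "data_loss": data_loss,
        "worst_gap": worst_gap,
        "rpo_met": worst_gap <= rpo_target,
        "outage": outage,
        "mtd_met": outage <= mtd,
    }

def constructed_example():
    # Constructed sample: nightly 01:00 backups with two missed runs.
    backups = [datetime(2024, 3, d, 1, 0) for d in (1, 2, 4)]
    return assess_recovery(
        backups,
        attack_time=datetime(2024, 3, 6, 1, 0),
        rpo_target=timedelta(hours=24),
        rto=timedelta(hours=36),
        wrt=timedelta(hours=24),
        mtd=timedelta(hours=72),
    )

if __name__ == "__main__":
    for name, value in constructed_example().items():
        print(f"{name}: {value}")
```

In the constructed sample the latest backup is two days old at the time of the attack, so the 24-hour RPO target is missed even though the estimated outage still fits inside the MTD.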
3. Insurance
The increase in payouts related to ransomware attacks has forced insurance companies to adjust their policies with new terms and agreements. Cyber insurance that covers the risk of a ransomware attack has become widely available in recent years. These types of policies typically cover some or all of the money spent to pay the ransom demands in the event of an attack. This approach runs under the assumption that the ransom amount will be less than the cost of replacing or restoring the files and equipment impacted by the attack, along with the associated downtime. Insurance companies have cracked down on terms and conditions regarding cyber insurance, so ensuring that your business complies with the standards they require is critical if the business hopes to receive any insurance money when hit with ransomware. Mnemonix is happy to work with your business to ensure all the terms and conditions of your insurance company are met.
4. Cash Flow
While insurance companies may assist with the ransom payment or the cost of restoration, having cash flow is essential for many reasons. If your business does not have insurance, having cash readily available is critical because the ransom payment or cost of restoration is not likely to be cheap. Having the safety net of fluid cash flow in the business allows you to work directly with IT and authorities without the fear of not being able to pay them for their assistance. Data recovery, network redesign and purchasing new hardware can get expensive quickly, making readily available cash essential if your business depends on technology to function.
5. Communications
Maintaining flawless communication is one of the most critical steps of any crisis management plan, and a ransomware attack is no exception. It is important to inform your employees of the attack, as employees who are not yet impacted will have the chance to take precautionary steps to prevent any further spread of the ransomware. It is also crucial to have alternate communication channels in place to help employees communicate and continue their work. Moreover, it is essential to inform all your vendors and stakeholders about the breach so others can protect themselves accordingly. Working directly with IT and authorities as soon as the attack is noticed can save your business money, as they may be able to pinpoint the attackers or stop the spread before more damage unfolds.
The previous topics are examples of business plans your team should have in place in the event you are hit with a ransomware attack. Mnemonix has helped clients build these plans and has helped them through the recovery process, which was possible because they had plans in place. If you would like to discuss opportunities for Mnemonix to assist with building these plans out, or have any questions regarding this topic, please reach out to us.