Ransomware Attack! What You Should Do Next

Ransomware attacks continue to dominate headlines as a costly and prevalent method of cybercrime. According to a recent study by Sophos, ransomware attacks plagued 51% of organizations, and 73% of these attacks were successful in encrypting data. With essentially a 1 in 2 chance of being hit, it is as important as ever to have a mitigation and recovery strategy in place to protect your business. 

Ransomware – defined by the United States Cybersecurity and Infrastructure Security Agency (CISA) as “a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable” – is a major threat to businesses in all sectors and of all sizes. Operating under the advised assumption that you will be hit with a ransomware attack, here are some recommended steps as to what you should do next:

Stop the Bleeding

One of the first steps, if not THE first, to take when you’ve been attacked is to isolate the infection and prevent it from spreading within your organization’s network. The longer the ransomware goes without being detected and stopped, the more it will proliferate and compromise additional systems. Once you suspect a device has been hit, take it completely offline as quickly as possible (think wired AND wireless) and remove any externally connected storage devices.

Identify Details and Report to the Authorities

Don’t just rush to rip your device’s power cord from the outlet and power it off, as this can erase potentially valuable evidence that may aid in the recovery process. Oftentimes attacks of this nature are identifiable, and details can be gathered which can help you (and the authorities) understand things like what type of ransomware you’ve been hit with, how it was delivered onto your system, how it spreads, what file types it targets, etc. It is always advised to report as much information as possible to the authorities, such as CISA or the FBI. 

Cleanse the Infection

While there are software solutions offered by different vendors or sites that could potentially remove the malware from your system, there is always the chance that some remnant or trace of it will persist, especially given the ever-evolving nature of new forms of ransomware/malware. Though it may seem drastic at first (more on that ahead), the safest and most effective method of making sure the threat is entirely eradicated is to wipe your storage devices and start anew with clean installations. Formatting your drives ensures you are starting back up from a clean slate as opposed to continuing on a device that may still be compromised, even though it might appear safe.

Data Recovery and Backups

Since we’ve already established that it is not a matter of “if” but “when”, hopefully your potential losses are mostly, if not completely, mitigated by the backup strategies already in place within your organization. Being prepared for an attack by maintaining a robust backup solution is vital to minimizing or even eliminating the impact, and is why the previously mentioned suggestion of wiping a storage device is not as drastic as it may sound. Think about it – once you are a victim, you typically would have one of two choices: 1) pay the ransom (note: this is usually not recommended) or 2) accept your losses and push on without the data. Both of these options leave you and your company in the loser’s column. However, if you have an offline, resilient, and up-to-date backup solution implemented, such as Continuous Data Protection (CDP), you can restore your newly-wiped machines to just the way they were before the attack.
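The detail-gathering and restore steps above can be tied together in code. The following is an added example, not part of the original article: it reads a file inventory taken from an affected share, infers the appended extension and the file types that were hit, and picks the newest backup taken before the first encrypted file. The inventory, the `.demo_locked` extension, the note filename, and the backup timestamps are all constructed sample data.

```python
from collections import Counter
from datetime import datetime
from pathlib import PurePosixPath

# Constructed sample inventory: (path, last-modified time) from an affected share.
INVENTORY = [
    ("/srv/share/finance/q1.xlsx.demo_locked", "2024-03-02T01:14:09"),
    ("/srv/share/finance/q2.xlsx.demo_locked", "2024-03-02T01:14:11"),
    ("/srv/share/hr/roster.docx.demo_locked", "2024-03-02T01:15:40"),
    ("/srv/share/hr/RESTORE_FILES.txt", "2024-03-02T01:15:41"),
    ("/srv/share/eng/design.pdf.demo_locked", "2024-03-02T01:17:02"),
    ("/srv/share/eng/build.log", "2024-02-27T16:40:00"),
    ("/srv/share/eng/notes.txt", "2024-03-01T09:12:30"),
]
# Constructed backup snapshot times (nightly).
BACKUPS = ["2024-02-28T23:00:00", "2024-03-01T23:00:00", "2024-03-02T23:00:00"]


def summarize(inventory, min_hits=3):
    """Infer the appended extension, the original file types hit, and the first hit."""
    # Encrypted files typically keep their original extension and gain a new one,
    # so only names with two or more suffixes are candidates.
    doubled = [(PurePosixPath(p).suffixes, datetime.fromisoformat(t))
               for p, t in inventory if len(PurePosixPath(p).suffixes) >= 2]
    tails = Counter(s[-1].lower() for s, _ in doubled)
    if not tails or tails.most_common(1)[0][1] < min_hits:
        return None  # too few matching files to call it a pattern
    marker = tails.most_common(1)[0][0]
    hits = [(s, t) for s, t in doubled if s[-1].lower() == marker]
    return {
        "marker": marker,
        "targeted": Counter(s[-2].lower() for s, _ in hits),
        "first_seen": min(t for _, t in hits),
    }


def pick_restore_point(backups, first_seen):
    """Newest backup strictly older than the first encrypted file, or None."""
    # first_seen marks the first visible encryption only; the intrusion may be
    # older, so treat the result as the latest candidate, not a guaranteed clean one.
    earlier = [b for b in map(datetime.fromisoformat, backups) if b < first_seen]
    return max(earlier) if earlier else None


if __name__ == "__main__":
    report = summarize(INVENTORY)
    print(report)
    print("restore candidate:", pick_restore_point(BACKUPS, report["first_seen"]))
```
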

If your business has ever been the victim of a ransomware attack, hopefully you made it through relatively unscathed. Whether it was a minor inconvenience or a million-dollar payout, it’s important to make sure to take the steps necessary to minimize the chances of being hit again. There are lots of steps that can be taken including antivirus software, EDR solutions, web filtering technology, and phishing & security awareness training to name a few. Remember, the more you do to prepare, the better you can respond.

Let CyberData Pros help you understand where your data sits, access control, and how to protect that data. Contact us now for a free consultation and to learn more about our services.


Why Do I Need Privacy and Security Documentation for My Business?

Documenting important processes for your business and employees is critical to the overall success of the business. Privacy and security documentation is no different. Having the proper documentation for your business will help with client/vendor questionnaires, insurance for your business, and knowing how secure your data is.

There are multiple pieces of data privacy and security documentation that your business needs. Documentation does differ from industry to industry, but many of the critical documents are universal across the board. I’ve outlined some of these critical documents below:

IT Security Policy

Document that lays out the internal security policies of how the business uses, stores, and processes data. May include other policies such as Clean Desk, Remote Working, Responsible Parties, etc.

Disaster Recovery Plan

Set of policies and procedures on how to enable the recovery of vital infrastructure and systems following a disaster. The important portion of this document should outline critical processes and how long each process can be down in order for your business to recover.

Business Continuity Plan

Documented plan and process of creating systems of prevention and recovery to deal with potential threats to a company. In addition to prevention, the goal is to enable ongoing operations during the execution of disaster recovery.

Data Classification Policy

Policy document to classify different types of data into separate categories in order to understand “sensitivity”. These classifications could include levels such as Public, Sensitive, Private, Top Secret, etc.

Incident Response Plan

A planned set of instructions to help IT detect, respond to, and recover from data privacy or security incidents. These types of plans address issues like cybercrime, data loss, and service outages.

Risk Management Policy

Policy document that aims to provide guidance regarding the management of risk to support the achievement of corporate objectives.

Keeping your documentation current is essential so that critical pieces of the business are known to all. The worst thing that can happen is an employee walks out the door and nothing is documented. Consider this a major issue for your data privacy and security documentation.

If you feel you don’t have the proper documentation or don’t know where to start, contact CyberData Pros and we can help. It is not only important to have the proper documentation for the business, but also to keep it updated. Let us help put together a plan and carry it out to keep your business in full compliance.


Painful Experiences – Client and Vendor Security Questionnaires

It happens all the time. A client or vendor sends over a security questionnaire and you don’t know where to start. How do you fill this out? What if I make a mistake? What if I can’t answer their questions? These are just a few questions that may come to mind. In today’s world of strict compliance, these security questionnaires are becoming the norm. Being prepared and having answers is critical to ongoing business. Let’s break these down and look at how to approach them.

A typical security questionnaire is going to cover areas of your business that range from documentation of disaster recovery to physical security mechanisms in your business. On average, these questionnaires can be “hundreds” of questions long! Yes, you read that right and many of these require answers within a few weeks.

Start with the privacy and security documentation that you have written, and know that you may need to provide some of it. We recently wrote a blog about the kinds of documentation to have and why it is important. Creating a document and data bank of answers will help you get through these questionnaires faster in the long run.

Understand the “technical” data privacy and security areas of your organization. You may have a department at your company that can help fill out the technical questions. This is great, but make sure you understand the answers in case there is any need for justification.

If this all sounds daunting and you don’t have time for it, let CyberData Pros assist you with these questionnaires. We have over 20 years of experience filling these out for our clients and we will help you better understand the details. Contact CyberData Pros now to see how we can help your business with this and many other data privacy and security solutions.
