An HR clerk opens an unknown file embedded in an email message, inadvertently encrypting company files; an off-site employee surfs to a hacked website, infecting their computer and your network; a senior manager is tricked into sharing personal data by a phishing email: these events happen more often than anyone would like to believe. And ignoring the risks or denying your vulnerability will not prevent the inevitable cyber-attack on your business. Here are some steps you can take to fight back and protect your data, your business, and your brand:
Do not pay the ransom.
Paying the ransom offers no guarantee that you’ll regain access to your data, so don’t pay it. You’ll only encourage more attacks.
Require immediate notification.
Your IT department needs to be aware of a ransomware attack as soon as possible. These experts will be able to work quickly to mitigate risk and prevent further damage.
Shut down the attack.
Disconnect the infected machine from the network, but do not shut down or restart the machine. The goal of any ransomware is to infect as much of the network as possible and render your infrastructure useless. If you can isolate the attack, you’ll prevent the spread of infection, and there may be valuable information in the machine to help identify the source of the attack.
Determine your weakness.
How did ransomware gain access to your systems? It may be easy to identify the infection point, because it is often caused by carelessly opening a file. This is yet another reason why education and ongoing training for your employees is critical for threat prevention.
Assess the damage.
Before you can respond to the threat, you need to know how far the ransomware spread within your infrastructure. Search all folders, drives, storage devices, and cloud-based services. Inspect external hard drives as well, such as USB sticks, phones, cameras, and other digital equipment your business uses. Ransomware can lurk anywhere within your networks, and you don’t want to re-infect a clean system with the same virus.
Identify the ransomware.
How you respond to the ransomware will depend on the strain that has infected your systems. There are decryption tools available, but time is of the essence. You might be able to access some of your data if you can halt the ransomware in its tracks.
Give the authorities a heads up.
There is likely a regulatory body that needs to know about the ransomware. GDPR, for instance, outlines new legal repercussions for businesses who don’t respond appropriately to security breaches, but notifying the appropriate authorities goes beyond admitting a mistake. Cyber threats exist, and the more that is known about their presence, the better businesses will be able to defend against them.
Decide on your plan of action.
What will you do now? Will you pay the ransom and hope for the best, accept the loss of data, or attempt to decrypt your data? Kaspersky, McAfee, and others have decryption tools that may help…but your best line of defense against ransomware is offsite backup and recovery.
Find out what went wrong.
Every cybersecurity expert will tell you that nothing is foolproof. Data breaches will happen. However, there are still steps an organization can take to prevent ransomware attacks and other forms of cybercrime, thereby minimizing the damage when malicious access is gained. Identify how the ransomware infected your systems and develop defenses to prevent a similar incident.
Prevent ransomware attacks with a Managed Service Provider (MSP)
Proactive, preventive measures are the best cybersecurity strategies. An MSP can help you ensure that your organization has the strongest detection software in place to catch hackers before they gain access to your systems. Your MSP can also help you set up offsite backup and recovery services so that if something happens to your data, you’ll be able to recover it quickly, minimize downtime, protect your customers, and be up and running immediately.
Update your cybersecurity strategy.
A ransomware attack, or even a close scare, is the perfect opportunity to reassess all preventative strategies and ensure that all systems are updated as necessary. From making sure your licenses are up to date, to making sure patches have been installed to prevent security breaches, to training employees to recognize the signs of phishing emails, your MSP should be a comprehensive cybersecurity partner leaving nothing to chance.
A Managed Service Provider can offer your business the best solutions possible and work diligently to ensure that the percentage you budget to IT is worth every cent. Partnering with the right MSP does make a difference. Today’s MSP does more than just provide technology and facilitate server upgrades; the right MSP is an integral layer of your cybersecurity. At thinkCSC, cybersecurity is simply factored into everything we do. We can partner with your Columbus-region organization to develop a unique solution designed to fit your business model. Take the first step towards advanced cybersecurity practices and contact us today to learn more about our enhanced Managed Security options.