Security from the Start
Most companies have a plan for emergencies like a fire at the office or road-blocking weather, including training for employees to know the plan. What they don’t realize is that their company data is so important that if they were to lose it, their day-to-day operations would come to a halt. You need a plan for critical cybersecurity threats that target your company data, the most damaging of which is a ransomware attack. Ransomware is a profitable criminal enterprise, and you should plan how you will respond to a ransomware incident. Here are some valuable tips to help you prepare a quick and efficient recovery, in the event you are hit.
Backed up: No ‘buts’ or ‘ifs’
Protecting your company’s data starts with being able to recover it. Recent ransomware variants extract data and then encrypt or delete the backups made on the systems they infect. This prevents the company from simply “restoring from backup,” which would otherwise mean minimal to no loss of business continuity. Consider your current data backup strategy:
- Are backups routinely taken?
- How far do they go back?
- What systems are backed up?
- Are your backups stored somewhere inaccessible from the main office network?
- How long would it take to get a backup from “offline” or “cold storage” and restore it to the production systems?
Ideally, periodic backups should be configured to be routinely (or immediately) copied off the network, verified, then saved to a secondary system which is completely isolated from the main production network. Those offline backups should also be routinely tested and verified. Restoring to a point a week, a month, or two months back in time should be a known process.
Routine scanning
Your systems should be monitored actively, and any anomalous behavior should be investigated. Investment in this approach is key. Ransomware begins with a user doing something strange (starting to encrypt all files they have access to), and this is something that can be caught early. This can be done automatically by a system’s antivirus software, or by engaging technology and staff that can help differentiate routine from abnormal behavior in your networks and systems. Many reputable antivirus vendors offer such solutions as a service for their customers to help separate the emergencies from the day-to-day operations. Think about:
- How quickly can you respond to anomalous behavior?
- What constitutes anomalous behavior from your users?
- Is your IT department prepared to manage anomalous behavior?
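The "user suddenly rewriting every file they can reach" pattern described above can be expressed as a sliding-window check over file-audit events. This is an added example, not HCSS code; the log format, user names, 60-second window, and 25-file threshold are assumptions to tune against your own baseline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample file-audit events: "ISO-timestamp user action path".
# The format is hypothetical; map your own audit source onto these fields.
def make_sample_log():
    base = datetime(2024, 1, 8, 9, 0, 0)
    lines = []
    # alice: ordinary work, a few edits spread over an hour
    for i in range(5):
        ts = base + timedelta(minutes=12 * i)
        lines.append(f"{ts.isoformat()} alice WRITE /share/bids/job{i}.xlsx")
    # bob: 40 distinct files rewritten in 40 seconds
    for i in range(40):
        ts = base + timedelta(minutes=30, seconds=i)
        lines.append(f"{ts.isoformat()} bob WRITE /share/estimates/file{i}.docx")
    return sorted(lines)  # ISO timestamps sort chronologically

def find_write_bursts(lines, window=timedelta(seconds=60), threshold=25):
    """Return {user: first alert time} for users who modify at least
    `threshold` distinct files inside any sliding `window`."""
    recent = defaultdict(deque)   # user -> (time, path) events inside window
    alerts = {}
    for line in lines:
        parts = line.split(" ", 3)
        if len(parts) != 4:
            continue              # skip malformed lines rather than crash
        stamp, user, action, path = parts
        if action not in ("WRITE", "RENAME", "DELETE"):
            continue              # reads are not evidence of encryption
        now = datetime.fromisoformat(stamp)
        q = recent[user]
        q.append((now, path))
        while q and now - q[0][0] > window:
            q.popleft()           # drop events older than the window
        if user not in alerts and len({p for _, p in q}) >= threshold:
            alerts[user] = now
    return alerts

if __name__ == "__main__":
    for user, when in find_write_bursts(make_sample_log()).items():
        print(f"ALERT {user}: mass file modification at {when.isoformat()}")
```

Legitimate bulk jobs (backups, migrations, sync clients) will also trip a check like this, so the answers to the questions above decide which accounts are exempted and who responds to the alert.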
Insurance
So, when (we have probably moved past the ‘if’) something goes wrong, is your business financially covered? Ransomware insurance has increasingly become another routine insurance premium for companies to invest in. Insurers can send experts to help with recovering your systems if they are recoverable, or to negotiate with the ransomware gang if systems are not recoverable without the decryption key. Performing the previous steps and others your insurance company requires may entitle you to a premium reduction and limit your downtime.
Separating things out
Phishing attacks (fake emails designed to get a user to open a link that installs a virus on their computer) are one of the most common ways networks are compromised. Once in your system, a computer virus tries to elevate its permissions in the network. The more permissions each user on your network has, the easier it is for an attacker to find an account with the proper permissions to begin encrypting your data. Are your accounts provisioned with a mindset of “least privilege,” where a user has only the permissions necessary to do their job? Staff should also receive monthly training on what a malicious email attachment or phishing attempt will look like, as they are your best defense against malicious activity on your network.
HCSS can help
HCSS does our best to keep up with the changing threat landscape, and we work with our customer partners, industry peers, and law enforcement to stay up to date on the latest trends and best practices. Our Support staff have resources available to them to not only get you started on a recovery plan, but also help get your users up and running today. We can work with your insurance incident response team to identify what’s normal or abnormal in HCSS software. HCSS can also leverage the experience we have gained with HCSS Cloud in order to provide our feedback on your organization's current cybersecurity stance, or to simply take the burden away from you with HCSS Cloud.
Contact HCSS Support for help.