I am a small business owner who recently sustained a ransomware attack. The attack encrypted our company’s data and created considerable expense. For example, without access to client data and appointment logs, all upcoming appointments were lost. I have an offsite backup, but it too was compromised. At that point, I hired a forensic computer expert and paid the ransom since it was the only way to retrieve the encrypted data. Unfortunately, 15% of the data was unrecoverable, so the staff worked around the clock to recreate it at considerable cost. How can I protect my company in the future from such a disruptive, time-consuming, and expensive ordeal?
Electronic vandalism is on the rise and creates significant challenges for business owners. The great news is there are steps you can take to protect yourself. While our focus here is on a ransomware attack, bad actors do target businesses using a variety of other scams. Previously, David Princeton co-authored an article for Wisconsin Lawyer Magazine that can be found here.
Let’s start with how a ransomware attack works. First, the attackers send large volumes of email carrying malicious attachments or links. The messages appear to come from familiar or legitimate addresses, so an employee in a hurry can easily click. When the attachment is opened, the ransomware runs on that computer and encrypts the files it can reach, including files on shared network drives. Then, if the backup job simply copies whatever is on disk and overwrites the prior day’s backup, the next run replaces the good copy with encrypted data, and the backup is compromised as well. At that point the options are limited to recreating the data or paying the ransom. Tragically, even paying the ransom may not get all the data back. So, how can you protect yourself?
First, enact proactive strategies. Employers should phish-test employees. So-called “white hat” firms send realistic but fake phishing emails to test employees’ computing habits. This practice raises awareness of the various forms a phishing attack can take. It also gives leadership meaningful baseline metrics so it can work with employees to improve security behaviors. Additionally, keep anti-virus software and operating systems up to date, and add a backup that a ransomware infection cannot reach: an external drive that is disconnected between backups, or a backup that keeps earlier versions rather than overwriting yesterday’s copy, so that one day of encrypted files does not destroy the last good copy.
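The backup failure described above (a job that overwrites the prior day’s copy with encrypted data) and the recommendation to add a backup are both addressed by one design: keep dated snapshots that are never overwritten, and refuse to run when an unusually large share of files has changed since the last snapshot, which is what mass encryption looks like. The following Python script is an added example written for this page, not code from the article or its authors; the directory layout, the 50% change threshold, the retention count and the constructed sample files are all illustrative assumptions.

```python
"""Versioned backup with a mass-change guard (added example, not from the article).

Each run writes a new dated snapshot under the backup root and never overwrites
an existing one. Before copying, it compares the source against the most recent
snapshot; if more than `max_change` of the previously backed-up files are now
missing or altered, the run is refused so encrypted files cannot replace the
last good copy. Threshold, retention and file names are hypothetical.
"""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

SNAPSHOT_FMT = "%Y%m%dT%H%M%S"  # names sort chronologically


def digest_tree(root: Path) -> dict:
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    result = {}
    for path in root.rglob("*"):
        if path.is_file():
            result[str(path.relative_to(root))] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result


def list_snapshots(backup_root: Path) -> list:
    """Existing snapshot directories, oldest first."""
    if not backup_root.exists():
        return []
    return sorted(p for p in backup_root.iterdir() if p.is_dir())


def changed_fraction(source: Path, previous: Path) -> float:
    """Share of files in the last snapshot that are now missing or different."""
    old = digest_tree(previous)
    if not old:
        return 0.0
    new = digest_tree(source)
    changed = sum(1 for rel, d in old.items() if new.get(rel) != d)
    return changed / len(old)


def backup(source: Path, backup_root: Path, keep: int = 7,
           max_change: float = 0.5, now: datetime = None) -> dict:
    """Write a new snapshot unless the source looks mass-modified.

    Returns status ('ok' or 'refused'), the observed change fraction, and the
    snapshot names present afterwards.
    """
    now = now or datetime.now()
    backup_root.mkdir(parents=True, exist_ok=True)
    snapshots = list_snapshots(backup_root)
    fraction = changed_fraction(source, snapshots[-1]) if snapshots else 0.0
    if fraction > max_change:
        # Refuse: a human must confirm this is not an encryption event.
        return {"status": "refused", "changed": fraction,
                "snapshots": [s.name for s in snapshots]}
    target = backup_root / now.strftime(SNAPSHOT_FMT)
    if target.exists():
        raise FileExistsError(f"snapshot {target.name} exists; never overwrite")
    shutil.copytree(source, target)
    # Retention: prune only the oldest snapshots beyond `keep`, newest stay.
    for old in list_snapshots(backup_root)[:-keep]:
        shutil.rmtree(old)
    return {"status": "ok", "changed": fraction,
            "snapshots": [s.name for s in list_snapshots(backup_root)]}


def demo() -> dict:
    """Constructed scenario: two clean days, then a day after 'encryption'."""
    work = Path(tempfile.mkdtemp())
    source, root = work / "clients", work / "backups"
    source.mkdir()
    for i in range(5):  # constructed sample data
        (source / f"client{i}.txt").write_text(f"appointment log {i}\n")
    day0 = datetime(2024, 1, 1, 2, 0, 0)
    first = backup(source, root, keep=3, now=day0)
    (source / "client0.txt").write_text("appointment log 0, updated\n")
    second = backup(source, root, keep=3, now=day0 + timedelta(days=1))
    # Simulate ransomware: every file overwritten with random bytes and renamed.
    for f in list(source.iterdir()):
        f.write_bytes(os.urandom(64))
        f.rename(f.with_suffix(".locked"))
    third = backup(source, root, keep=3, now=day0 + timedelta(days=2))
    # The last good snapshot must still hold the original, readable data.
    last_good = root / second["snapshots"][-1] / "client1.txt"
    intact = last_good.read_text() == "appointment log 1\n"
    shutil.rmtree(work)
    return {"first": first["status"], "second": second["status"],
            "second_changed": second["changed"], "third": third["status"],
            "third_changed": third["changed"], "last_good_intact": intact}


if __name__ == "__main__":
    print(demo())
```

The guard is a tripwire, not a substitute for an offline copy: an attacker who can reach the backup root can still delete snapshots, which is why the disconnected external drive the text recommends remains the last line of defense. The refusal also deliberately errs on the side of a false alarm, since a missed backup is cheap next to an overwritten one.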
Second, review your insurance coverage before a loss happens. Electronic vandalism insurance is a relatively new product, and many variations exist. Businesses should work carefully with their brokers to get appropriate coverage. Policies can come with inadequate policy limits or exclude risks you intended to insure against. For example, a $10,000 policy limit may be inadequate to cover the ransom demand, loss of income, forensic computer experts, and employee overtime. In sum, employers should proactively assess their vulnerabilities and risk tolerance, and get appropriate insurance coverage to meet their needs.
Finally, even if ransomware infects one of your computers, you can limit the damage by acting immediately. Upon discovering the infection, unplug external hard drives and disconnect the infected computer from the network (pull the network cable or turn off Wi-Fi). This can stop the ransomware from encrypting further files on attached drives or spreading to other computers on the network. Leave the machine isolated rather than wiping or reinstalling it, and contact a computer expert who can examine it and take additional steps to limit the interruption.
As Benjamin Franklin once said, “An ounce of prevention is worth a pound of cure.” Ransomware can be disruptive and expensive, making it important to take proactive steps today that will reduce your risk tomorrow.