A ransomware attack occurs when a malicious program finds its way into a computer system and prevents a company from accessing its files until the perpetrator receives ransom payment. Even if the ransom is paid, however, there is no guarantee that the target company will regain access to its data.
The recent global WannaCry attack concerned a ransomware program that was able to exploit a Microsoft operating system vulnerability by locking up and threatening to destroy victims’ data, unless the targeted users paid a ransom. The vulnerability had been identified before the WannaCry attack and was one for which Microsoft had previously released a security update. Those who did not regularly install updates were vulnerable to the WannaCry attack.
As cyber-perpetrators become more ruthless and frequent in their attacks, it is imperative to protect your personal and business information technology (IT) systems from ransomware, breaches, or other attacks. This applies to everyone, from the one-man plumbing company to the multi-million dollar entertainment company. Implementing the following steps is a great place to start:
- Make sure to hire qualified in-house personnel to manage the company’s network and its components or contract with a reputable company to do so;
- Develop cybersecurity policies, which encompass the use of mobile and stationary devices;
- Implement a security and awareness training program with employees and any other workers that have access to the company’s computer system;
- Segment the network and create different levels of system access;
- Enable strong email spam filters;
- Require the use of strong passwords and regular password changes;
- Make sure to install software and computer updates regularly;
- Regularly back up files and make sure to have an offsite backup of files;
- Conduct regular penetration testing; and
- Formulate a security incident response plan.
This list is based upon recommendations from a U.S. Government interagency technical document recently released on ransomware.
Before ransomware or cybersecurity threats affect your business, consider contacting a competent IT consultant and a law firm with experience in online privacy and security laws to conduct an audit of the readiness of your IT defenses.
For any questions or further information cybersecurity legal issues, please contact Jim O’Brien.