How to Prevent and Recover from a Ransomware Attack
- Chris Ecker
- October 5, 2016
The CEO of Carbonite (an online backup service) asked in a recent post on Harvard Business Review: Is your company ready for a ransomware attack? It’s a timely question: October is National Cyber Security Awareness Month. It’s also a topic we’ve addressed before—but it’s always worth reviewing, because cybersecurity requires vigilance. This threat is not going away.
Is ransomware really a big deal?
Yes—nearly half of US businesses have suffered ransomware attacks. Let that sink in for a moment. Healthcare and financial services industries are among the biggest targets, but no organization is immune. With an association for everything, trade and professional associations are at risk, too.
The HBR article highlights a real-life example that should give every one of us pause: when ransomware locked hospital staff out of medical records and systems, they had to turn away sick people. They literally could not run the hospital due to a data freeze. Only after paying the ransom two weeks later could the hospital resume its healthcare mission. Ouch.
Cybersecurity is serious.
Ransomware is but one type of cyber threat—one to which we’re all susceptible. Here’s how HBR succinctly describes ransomware’s cause and effect:
Preying on human error, cybercriminals trick users into activating this malicious software. Users are locked out of their machines; ransom is demanded.
The rate of ransomware attacks—4,000 a day—is increasing exponentially: attacks now occur at four times the rate they did just one year ago. Association CEOs must take this threat seriously and act now to protect the data they collect and use to serve their members.
Security is a mindset that starts at the top.
Imagine a busy employee making an errant click or download and—oops! How would your association cope? What would your members think? What if this happened in the midst of your annual meeting?
Before you’re attacked, know this: prevention is a mindset. It should pervade your organization. To encourage the necessary vigilance to thwart attacks, CEOs must decide that cybersecurity is serious and behave that way.
Take these 3 steps to protect your association from ransomware attacks.
1. Know your risk.
Cybersecurity shouldn’t be relegated to the IT department. CEOs must be thoroughly aware of the risks and provide strategic direction on protecting the association from real threats. To understand those threats, start with a risk assessment. Identify all your digital assets and the risks associated with them. Note who has access, internally and externally. Review these security threats to identify security gaps in existing policies and procedures.
2. Train all staff.
CEOs should require every staff member to participate in education and prevention measures. The FBI developed a one-pager for CEOs—download it to start a conversation with your staff, board, and managed services provider.
3. Back up your data.
CEOs must be prepared for the inevitable: a ransomware or other cybersecurity attack on your organization. How? Back up your data, for one—this is absolutely critical. The inconvenience of a ransomware attack is that it freezes your data. If you regularly back up your data, you can quickly restore your systems.
Being prepared for a ransomware attack starts with these three steps, but it doesn’t end there. Check out our eBook The Cybersecurity Watchlist for Association and Nonprofit Executives for more tips on protecting your data.