Data Privacy Shareholder Adam Brouillet authored a guest column for the September 17, 2021 issue of Tampa Bay Business Journal offering tips for preventing and responding to ransomware attacks, as local businesses of varying sizes increasingly experience the paralyzing effects of these breaches.
Brouillet painted a picture of the risks, stresses and damages a ransomware scenario can bring to an organization: “An employee logs into the computer network only find a message on the screen that all files on the network are encrypted and unavailable unless the business pays a ransom. Initial, frantic efforts to decrypt the files without paying the ransom are unsuccessful. Business operations are on hold while executives and tech support try to figure out what happened and how to regain access to the files and resume business as usual.” Understanding the current trends in ransomware and implementing strategies to prevent such attacks can help prevent this nightmare, and there are best practices to respond and recover from an attack that breaks through a company’s best preventative efforts.
The nature of ransomware attacks is expanding. Today, these attacks go beyond simply encrypting company files but also involve stealing, which adds a new wrinkle where the cyber criminal can seek ransom to both decrypt the information and agree not to disclose the data publicly.
Some steps businesses should take to mitigate the risk of an attack are to require multifactor authentication for network access, employee training to identify phishing emails, regularly scheduled data back-up and well-crafted contracts with third-party providers to include information-security obligations, audit and indemnification rights and notification requirements.
Businesses should have a response plan in place in the event that an attack strikes. This includes consulting legal counsel to idenfity which legal issues are implicated in an attack, including notification requirements and payment demands that could run counter to federal regulation and national security interests. Organizations should also collaborate with computer forensics firm to determine the cause and scope of an attack. Finally, it is important to proactively assess cybersecurity insurance to help mitigate costs of an incident.
For the full article, please click here.
