The recent massive global cyberattacks have made “ransomware” a household term. The unique nature of this type of breach is that your most critical asset – your data – can be put in a hostage situation. The fact that a hacker can lock down your data and demand payment in return for it is a scary proposition. You have no guarantee that they will keep their word.
Here are three key things you need to have in order to avoid this terrible situation.
1. Security Architecture – Your security architecture is more important than ever. It is not good enough these days to rely on a firewall and some antivirus applications on a few servers. Every firm should have a central logging server at the base level. Ideally, you should have a Security Information and Event Management (SIEM) system as well. Additionally, patching of your systems is arguably the most crucial thing you can do on a regular basis. If that is not something you do today, then start making it a mandatory habit. There are plenty of service providers that will do it for you if your people don’t have time. It is not something you can ignore.
2. Disaster Recovery – Disasters are not just smoking craters or meteors hitting data centers. A breach is a disaster in and of itself. There are products and services today that can help you restore your systems back to the point you were at immediately before you identified the breach. It may be that you do not know when that piece of code ran, but you will at least be able to get back to the point in time prior to that, once you know. There are people who can help you figure that out. Read on for more on that topic.
3. Breach Services – In the same way that we all carry insurance plans, it’s important to have an incident response and forensics firm on retainer well ahead of any trouble you might run into. They will be able to help you within minutes of an attack and can give you the proper advice on what to do immediately. A quality provider will also analyze your logs and environment to pinpoint when the breach happened, what gaps there were and what you need to do next. I can’t stress to you enough how important this is and that you need to be ready to work with someone you trust as soon as you have an issue. Trying to get help after a breach is difficult and expensive if you don’t have an established relationship in advance. Also, an incident response and forensics firm is a key relationship to leverage for proactive planning so you can have a proper security architecture and disaster recovery plan for the future.