Best Practices for Surviving a Ransomware Attack


Startel, Professional Teledata, Alston Tascom


By Jim Graham

In 1989 the first known ransomware attack occurred when twenty thousand floppy disks containing malware were distributed to researchers across more than ninety countries. In 2017 Symantec recorded an average of 1,242 ransomware complaints per day, not including the infamous WannaCry and NotPetya attacks. According to a survey conducted by Malwarebytes, one in six organizations impacted by a ransomware attack were down for twenty-five hours or more.

A recent attack on one of our clients was a painful reminder that ransomware continues to be a genuine threat to individuals and businesses worldwide. Our client received the virus upon clicking on a bad link in a “spear phishing” email. Their business was down for twenty-four hours before they were able to process calls.

The longer a business is down, the harder—and costlier—it is to recover. The financial impact can be just as staggering, with one hour of inactivity costing small businesses as much as $8,500. That doesn’t include lost business opportunities or the personnel cost associated with downtime.

Common Best Practices

There are many best practices, tips, and recommendations to mitigate a ransomware attack. The options can be overwhelming. However, you can lessen the likelihood you’ll become another statistic and decrease the impact of an attack by implementing these best practices.

1. Be Educated: Staff training is the first and best line of defense against ransomware. In most cases, systems are infected by user-initiated behavior such as clicking a malicious link in an email, opening an executable email attachment, or unknowingly giving a password to a potential hacker.

Educate staff about recognizing suspicious links and attachments. Phishing expeditions have become more sophisticated and targeted. These “spear phishing” attempts typically include client-specific information you’d assume no one else knows, making them much more believable. Never click on email links unless you’re absolutely certain of the identity of the sender.The longer a business is down, the harder—and costlier—it is to recover. Click To Tweet

2. Be Prepared: No matter how well-trained your staff is, be prepared for the possibility of a ransomware infection. This is where robust system and data backup strategies become essential. It’s critical to backup your data, software, and configuration settings frequently. Without a backup, you could permanently lose data. Create three copies, on two different media, and keep one copy stored securely off-site. Then test all backups to ensure you can successfully recover data.

A detailed incident response plan can make these instances a little less daunting. Take the time to put together an incident response plan, and test it each year. Also, consider investing in a business continuity and disaster recovery solution. These solutions minimize downtime and help ensure customer data remains secure and accessible 24/7.

Finally, in the unfortunate event you’re impacted by ransomware, consider enlisting the assistance of qualified IT professionals skilled at recovering from an attack. They’ll be able to get your company up and running and help minimize the impact on operations.

3. Stay Proactive: Once staff is well-trained and you have a strategy in place, continually monitor other areas of your business that may be vulnerable to ransomware. Implement these approaches to stay proactive:

  • Update operating system patches and antivirus software. On average, Microsoft releases several “critical or security”-related updates each month.
  • Limit administrative rights to only those that need to have them.
  • Deploy strong spam filters that block executable files.
  • Consider using a secure email gateway (SEG) in addition to your email client filter.
  • Set firewalls to block known malicious IP addresses.
  • Lock down your firewall from inside out to prevent data from being extracted.

HIPAA and Other Compliance Implications

A breach caused by a ransomware infection can have significant HIPAA and other compliance-related implications. Whether or not data has been taken, a successful attack is still considered a breach by HIPAA standards. Be sure you’re maintaining backups and log files for all systems that touch electronic protected health information (ePHI), because your company security policies will be subject to review by auditors. Proper HIPAA training is also essential in protecting ePHI.

Disclaimer

No matter how well prepared your business is, you can still be a victim of ransomware. However, following these recommendations will lessen the likelihood and impact of an attack.

StartelJim Graham co-founded Professional Teledata (PTD) in 1993 and served as vice president until the merger with Startel in September 2015. As the CTO of PTD, Jim draws upon his thirty years of computer and software development experience and twenty-three years of call center experience. Startel, Professional Teledata, and Alston Tascom provide unified communications, business process automation, and performance management solutions and services. They leverage their solutions and industry knowledge to empower organizations to improve agent productivity, reduce operating costs, and increase revenues. For more information, call 949-863-8776 or visit www.startel.com.