Most companies have a plan for emergencies like a fire at the office or road-blocking weather, including training for employees to know the plan. What they don’t realize is that their company data is so important that if they were to lose it, their day-to-day operations would come to a halt. You need a plan for critical cybersecurity threats that target your company data, the most damaging of which is a ransomware attack. Ransomware is a profitable criminal enterprise, and you should plan how you will respond to a ransomware incident. Here are some valuable tips to help you prepare a quick and efficient recovery, in the event you are hit.
BACKED UP: NO ‘BUTS’ OR ‘IFS’
Protecting your company’s data starts with being able to recover it. Recent variations on ransomware are extracting then encrypting or deleting backups made on the systems they are infecting. This prevents the company from “restoring from backup” with minimal to no loss of business continuity. Consider your current data backup strategy:
- Are backups routinely taken?
- How far do they go back?
- What systems are backed up?
- Are your backups stored somewhere that is inaccessible from the main office network?
- How long would it take to get a backup from “offline” or “cold storage” and restore it to the production systems?
Ideally, periodic backups should be configured to be routinely (or immediately) copied off the network, verified, then saved to a secondary system which is completely isolated from the main production network. Those offline backups should also be routinely tested and verified. Restoring a week, a month, or 2 months back in time should be known processes.
Your systems should be monitored actively, and any anomalous behavior should be investigated. Investment in this approach is key. Ransomware begins with a user doing something strange (starting to encrypt all files they have access to), and this is something that can be caught early. This can be done automatically by a system’s antivirus software, or by engaging technology and staff that can help differentiate routine from abnormal behavior in your networks and systems. Many reputable antivirus vendors offer such solutions as a service for their customers to help separate the emergencies from the day-to-day operations. Think about:
- How quickly can you respond to anomalous behavior?
- What constitutes anomalous behavior from your users?
- Is your IT department prepared to manage anomalous behavior?
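The "user starting to encrypt all files they have access to" signal can be expressed as a rate check over file-audit records. The sketch below is an added example, not part of the article or of any antivirus product; the record format, user names, window and threshold are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed look-back window
MAX_FILES = 20        # assumed limit on distinct files modified per window

def find_bursts(events, window=WINDOW_SECONDS, max_files=MAX_FILES):
    """events: time-ordered (epoch_seconds, user, path) write/rename records.

    Returns {user: timestamp at which the user first exceeded max_files
    distinct modified files inside one window}.
    """
    recent = defaultdict(deque)   # per-user sliding window of (ts, path)
    alerts = {}
    for ts, user, path in events:
        q = recent[user]
        q.append((ts, path))
        # Drop records that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if user not in alerts and len({p for _, p in q}) > max_files:
            alerts[user] = ts
    return alerts

def sample_events():
    """Constructed file-audit records (not real logs)."""
    # alice: a handful of edits spread over an hour (routine).
    events = [(600 * i, "alice", f"/share/bids/doc{i}.docx") for i in range(5)]
    # carol: many files, but one every 90 seconds (high volume, low rate).
    events += [(90 * i, "carol", f"/share/jobs/log{i}.csv") for i in range(30)]
    # bob: 40 different files rewritten one per second (the burst to catch).
    events += [(1000 + i, "bob", f"/share/plans/sheet{i}.dwg") for i in range(40)]
    return sorted(events)

if __name__ == "__main__":
    for user, ts in find_bursts(sample_events()).items():
        print(f"ALERT user={user} exceeded {MAX_FILES} files/{WINDOW_SECONDS}s at t={ts}")
```

The threshold has to be tuned against what your own users normally do, which is the second question in the list above; legitimate bulk jobs such as backups or file migrations will need an allow-list.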
So, when (we have probably moved past the “if”) something goes wrong, is your business financially covered? Ransomware insurance has increasingly become another routine insurance premium for companies to invest in. Insurers can send experts to help with recovering your systems if they are recoverable, or to negotiate with the ransomware gang if systems are not recoverable without the decryption key. Performing the previous steps, and any others your insurance company requires, may entitle you to a premium reduction and limit your downtime.
SEPARATING THINGS OUT
Phishing attacks (fake emails designed to get a user to open a link that installs a virus on their computer) are one of the most common ways networks are compromised. Once in your system, a computer virus tries to elevate its permissions in the network. The more permissions each user on your network has, the easier it is for an attacker to find an account with the proper permissions to begin encrypting your data. Are your accounts provisioned with a mindset of “least privilege,” where a user has only the permissions necessary to do their job? Staff should also receive monthly training on what a malicious email attachment or phishing attempt looks like, as they are your best defense against malicious activity on your network.
SAFETY IN THE CLOUD
Many contractors use software that is available in the cloud, but is it safe? Contractors often have concerns over data protection, security threats, and potential data loss if their software is maintained in the cloud. Information stored in the cloud is likely to be more secure than any files on your office computer because cloud service providers will implement robust cybersecurity solutions and services to protect your data.
You want to make sure that you trust your cloud partner so that you feel your data is secure and protected. Make sure the cloud provider’s data center is ISO 27001 and SSAE 16/SOC compliant. The SSAE 16 (Statements on Standards for Attestation Engagements No. 16) verifies the controls and processes set in place by a data center and requires a written assertion regarding the design and operating effectiveness of the controls being reviewed.
Make sure your data is secure in an enterprise-class data center with a high-availability infrastructure that allows data backups and disaster recovery. Most cloud hosting services will provide you a virtual server with no additional services. Without a cloud hosting service provider, you would be responsible for getting antivirus protection and for maintaining your applications, data, security, updates, backups, and everything that comes along with managing servers and IT.
About the Author:
Gen Simmons is a technical product manager with HCSS, a company whose mission is to develop software to help construction companies streamline operations. For more, visit www.hcss.com.
Modern Contractor Solutions, March 2022