If you think your business has experienced a security breach, contact us immediately so we can help you manage, stop, and respond to the security breach.
Your business should establish policies and protocols to prevent, detect, contain, and respond to privacy and security incidents. There are three critical steps in managing a privacy incident. First, you will need to complete a security incident report. Second, you need to ensure that the incident is closed. Finally, you need to communicate and implement an action plan for remediation and recovery to all of those involved and implicated by the security breach. In this final step, you must notify all individuals, customers, and regulators of the security breach and the actions you are taking to mitigate harm. Depending on your business, your organization’s breach management protocols may need to be coordinated with the protocols established by your customers.
We’re here to support your team every step of the way as you manage a privacy or security incident. Whether you need help preparing and preventing incidents from ever happening or responding to a security breach that has already occurred, our team is ready to help.
To avoid ransomware and mitigate damage if you are attacked, follow these tips:
- Back up your data. The best way to avoid the threat of being locked out of your critical files is to ensure that you always have backup copies of them, preferably in the cloud and on an external hard drive. This way, if you do get a ransomware infection, you can wipe your computer or device free and reinstall your files from backup. This protects your data and you won’t be tempted to reward the malware authors by paying a ransom. Backups won’t prevent ransomware, but they can mitigate the risks.
- Secure your backups. Make sure your backup data is not accessible for modification or deletion from the systems where the data resides. Ransomware will look for data backups and encrypt or delete them so they cannot be recovered, so use backup systems that do not allow direct access to backup files.
- Use security software and keep it up to date. Make sure all your computers and devices are protected with comprehensive security software and keep all your software up to date. Make sure you update your devices’ software early and often, as patches for flaws are typically included in each update.
- Practice safe surfing. Be careful where you click. Don’t respond to emails and text messages from people you don’t know, and only download applications from trusted sources. This is important since malware authors often use social engineering to try to get you to install dangerous files.
- Only use secure networks. Avoid using public Wi-Fi networks, since many of them are not secure, and cybercriminals can snoop on your internet usage. Instead, consider installing a VPN, which provides you with a secure connection to the internet no matter where you go.
- Stay informed. Keep current on the latest ransomware threats so you know what to look out for. In the case that you do get a ransomware infection and have not backed up all your files, know that some decryption tools are made available by tech companies to help victims.
- Implement a security awareness program. Provide regular security awareness training for every member of your organization so they can avoid phishing and other social engineering attacks. Conduct regular drills and tests to be sure that training is being observed.
We help our clients protect themselves and their businesses against ransomware.
Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access. Ransomware is often designed to spread across a network and target database and file servers, and can thus quickly paralyze an entire organization. It is a growing threat, generating billions of dollars in payments to cybercriminals and inflicting significant damage and expenses for businesses and governmental organizations.
The average cost of a security incident is $5 million.