Widespread migration to work-from-home arrangements over the last year to control the spread of COVID-19 left organizations more exposed than ever to virulent infections of a different sort: ransomware.
According to Boston-based cybersecurity firm Recorded Future, U.S. companies faced 65,000 attacks during 2020, in which their computer systems and data were held hostage by cybercriminals. Payments to the organized criminal enterprises in Eastern Europe and elsewhere that claim responsibility for the lion’s share of incidents rose 300 percent last year, despite mounting pressure on companies from law enforcement and national security authorities not to meet the extortionists’ demands.
Preparing for these increasingly sophisticated threats and containing the damage when attacks occur requires a level of experience and expertise beyond that of a company’s day-to-day crisis team. Here are six things to think about:
1. Build a dedicated cyber-crisis team.
Identify and engage a team with the skills and experience needed to simultaneously defend your company’s systems, reputation, customer relationships, and legal and financial interests. In addition to IT, operations, finance, HR and reputation counsel, required skill sets include expertise in systems architecture, data security and forensics to identify the source and scope of the breach, insurance to identify potential avenues of coverage and cybersecurity, and privacy law to ensure compliance with the complex tangle of federal and state laws a breach could trigger.
Getting this extended team on board, up to speed and on speed-dial before they are needed will only add to their value and save precious time when a crisis happens.
2. Make key decisions ahead of time.
While law enforcement and other experts strongly advise against paying a ransom, the decision ultimately rests with the company and possibly its insurance carriers.
Executives should discuss and agree in advance on the circumstances in which payment would be justified, such as risk to human life, evidence that the criminals are in possession of and poised to release sensitive data, or situations where the decision is in clear conflict with the company’s values.
3. Have a “Plan C.”
Consider how an attack centered on a company’s IT infrastructure could quickly upend established crisis plans and procedures.
Set up dedicated channels in a secure messaging app to ensure that executives and crisis team members have a safe way to communicate if your company’s email servers are offline or potentially compromised. Likewise, maintain up-to-date backups of crisis plans, protocols and materials in a secure, off-site location completely isolated from company servers and networks.
4. Watch your language.
Everything that a company says and does in the course of responding to an attack requires extra scrutiny for potential landmines. For example, a preapproved media statement that refers to an attack as “cyberterrorism” could inadvertently lead to the denial of insurance claims if the company’s policies exclude coverage for terrorism.
5. Enlist employees.
Since most ransomware attacks are triggered when an unwitting employee clicks a link in a spam email, your company’s employees are its first and best line of defense against ransomware.
Give workers a simple tool that encourages them to pause and look carefully for potential warning signs of phishing emails and other malicious messages. Distribute regular updates reflecting cybercriminals’ latest methods of deception to keep employees on their toes and remind them of the critical role they play in protecting the company and its customers and other stakeholders from harm.
6. Exercise regularly.
Use tabletop crisis exercises to expose executives to different ransomware scenarios and force them to think through the myriad technical, operational and reputational questions they will confront in an actual crisis. Conduct a comprehensive, live cyber-crisis drill at least once a year to put people, processes and technology through their paces under conditions of escalating stress and keep plans and teams at the peak of readiness.
Jon Goldberg is the founder and chief reputation architect of Reputation Architects Inc., a reputation risk management and strategic communications firm dedicated to building, protecting and restoring reputations in a world of diminished trust. In addition, he serves as chair of the Executive Committee of PRSA’s Counselors Academy.
[Illustration credit: shutterstock]