Businesses all over are making big news – the bad kind. A major pipeline, more than one casino, a meat producer and a regional hospital have all been in the news recently for getting “hacked” by ransomware. Some of these organizations have been completely crippled and have suffered permanent damage to their finances and reputation. There are simple ways to ensure that your data and your organization are safe though. As surprising as it sounds, it all starts with expecting to get hacked.
Expect to Get Hacked
It is important to prepare, even for the bad stuff. For example, we all expect to get sick occasionally. We have insurance, save up sick days, stock our medicine cabinet and know where our doctor and hospital are. Getting sick is just a part of life. IT problems like viruses and ransomware are the same. By preparing for the inevitable, when it happens you suffer much less than if you didn’t see it coming at all. To properly prepare, the first rule is: Expect to get hacked.
Make Good Backups
For ransomware, and many other threats, the most important preparation is making proper backups. When a user is infected with ransomware, the program goes to work encrypting all the files that the user can access. Local files, network files, removable media, etc., are all vulnerable. Because of that, local backups can also be overwritten by the criminals if they’re not set up correctly. On the other hand, backup tape, RAID snapshots, write-only media or no-delete network shares can be safer options. Another good (and low-maintenance) option is using a cloud backup service such as Backblaze or IDrive (these are just two examples), which will upload copies of your files to a cloud server and are not typically vulnerable to being grabbed by ransomware.
Teach Your People to Avoid
Avoiding getting hacked for as long as possible is important, so train your people to avoid common scams. Remind them regularly that they could get infected via email, by being presented with a fake screen to enter a username and password, or by being prompted to download a program that is really a virus. The better your people do at identifying these ways of being infected, the safer your organization will be. While you are educating your people, though, remember the first rule: Expect to get hacked. Spend some time teaching your people about what to watch for, and how to report the problem as soon as they notice something is wrong.
Teach Your People to Detect
Make sure that you train your team on how to detect trouble. With ransomware, for example, the first sign that something is wrong is often a message saying that a file is corrupt or inaccessible. Someone may open an Excel spreadsheet or Word document only to be greeted by a message like, “This file is corrupt and cannot be opened.” Often there will be another file in the same folder called something like “Readme.txt” or “Decrypt_Instructions.txt” that will have the ransom information. There could be a pop-up screen on the computer stating the ransom demand. Showing your people the signs to look for will help them quickly recognize what has happened, and allow them to report more quickly.
Teach Your People to Report
Unfortunately, it isn’t always possible to avoid being infected by a virus. Sometimes criminals can create software that automatically spreads without anyone doing anything wrong. Also, the virus could be embedded in a normal file received from a trusted source. Telling the folks in your organization about the signs to watch for and helping them feel comfortable with reporting a problem will go a long way towards quickly resolving problems. Make it very clear what users can do when they see a problem. Should they call a helpline, or send an email? Should they continue working, or shut down the computer, or do nothing until IT can respond? These are the questions that can be answered in advance and taught to your people so that there is a clear and effective way to tackle the problem. To prevent the spread of the problem to other people in the company and other file areas, a quick response is vital. When the response is underway, it is important not to place blame too quickly. No one is perfect, everyone is vulnerable and anyone can be infected. Remember the first rule: Expect to get hacked.
Take Action
Finally, once the problem has been reported, it is important to take quick action. By deciding in advance about what to do in certain scenarios, action can then be swift and effective. For example, at my firm we have a standard wipe and reimage procedure that we go through for any infected computer. We save the old drive for future analysis, and then place a new drive in the computer and reload whatever operating system and software is needed. Only then do we go to the backups to retrieve user files. Having this procedure helps us quickly begin recovery without making very many on-the-fly decisions.
One of the best ways to make specific plans is through a “tabletop disaster exercise.” To do this, you bring the operation people in your organization together at a conference table (perhaps one department at a time) and discuss worst-case scenarios. Which files would be lost if Jill or Dave had a virus? How long would the operation be down if their computer was destroyed? Who else would be affected? How quickly could the backups be restored, and are those backups safe from destruction? By asking and answering these questions in advance, your organization can be ready for the inevitable.
Every organization is different, so the steps for your organization can be different. The key is to do as much as possible in advance. Expect to get hacked, plan accordingly and you will be ready with good backups, an educated team and predefined actions that will prevent your organization from suffering permanent damage.