Ransomware: 5 Practical Steps for CEOs

We’ve all seen the stats… ransomware is growing at an alarming rate. Our experience suggests that it’s even more common than reported, businesses small and large are being caught out every day, all over the country.

So very simply, what is it? And what should you do to protect your business?

What is it?

Ransomware is a type of ‘malware,’ generally triggered when one of your staff (or you!) clicks on a link, often in an incoming email. The email can look very innocuous or credible, it may even look like it comes from someone you know!

Although there are technical precautions that can make a difference, in many cases these are ineffective and the malware can still attack your company data.

If your IT team are not keeping adequate backups, the only way to reverse the attack is to pay the ransom — probably a few thousand pounds — it is normally pitched at a level where it won’t break the bank. Once paid, the attack is often swiftly reversed (although these are criminals you’re dealing with so there are no guarantees!) and you can dust yourself down and return to business as usual. It’s an appalling and widespread problem that is very popular with criminal gangs as it is lucrative, relatively simple and they are unlikely to get caught. It’s outrageous. But what can you do?

5 Steps You Should Take

1. Discuss the issue beforehand with the Board and decide on your strategy. Would you pay? How much? Which directors or senior staff has authority to make the decision and manage the situation on the spot?

2. Ensure all your staff are trained about the dangers. There should be frequent internal communications, warnings and reminders. You and other directors should congratulate staff for being cautious!

3. Ensure your IT team or supplier has authority to restrict data access in as far as possible so people can only get to the data they really need (a ‘least access’ policy). The attack can only reach the data accessible by the user who ‘clicked’, so this access restriction will minimise the impact.

4. Ask your IT team about their backups or have them externally audited if you’re concerned. Backups must be frequent, correctly configured and regularly tested. They must be multi-version backups ie previous versions are not immediately overwritten. If the backups are in good order then you may be able to roll-back to before the attack occurred with minimal data loss.

5. Ensure your IT team have taken all necessary technical steps to screen out ransomware emails, that all your computers have up to date operating systems, patches and anti-virus. Again, if you have concerns then consider an external audit.