Reduce the Impact of Ransomware Attacks with Business Continuity Planning
When you created your business continuity plan, you were probably thinking about what would happen if the building burned down or flooded. These kinds of natural disruptions are easier to anticipate. But what will you do in the event of a ransomware attack?
If you’re not already planning for this kind of event, you should start soon. Business continuity planning can help you lessen the impact of information theft.
What Are Ransomware Attacks?
Ransomware attacks are a form of hacking that perpetrators use to ask for compensation to return your files. Somehow, they have gained access to your databases and encrypted all the information, rendering it useless. These hackers will then typically ask for a sum of money to decrypt your files. If you don’t pay, the price will increase, or they’ll leak everything they’ve collected.
While the most obvious targets might be big businesses, smaller businesses often find themselves vulnerable. Department of Homeland Security Secretary Alejandro Mayorkas said that small businesses account for up to 75% of ransomware attacks. So how do hackers gain such easy access to business data?
These attacks often start through phishing scams and drive-by downloading. Hackers will send fake emails telling you your password has been compromised or you’ve won a huge prize. Once they get you to click on the link, they can access your new password or download malware onto your device. They could even gain access from company laptops and phones that haven’t been secured before selling or discarding.
How Business Continuity Planning Can Help
So, what can be done to reduce the damage brought by ransomware attacks? This is where establishing a business continuity plan and recovery strategy will be a tremendous asset.
1. Details How Long Operations Will Be Down
Part of your continuity plan will be determining how long it will take to get your information back. If you’ve been regularly scheduling backups of your computers, you will be able to restore them in however long your IT team believes it will take.
However, the cost of not performing backups could be very high. While the ransom cost could be low, the average business took about one month to recover from an attack — and if your business is down for more than five days, there’s a 90% chance it will go out of business within a year. Figuring out how long your services will be down will mean the difference between getting back to normal or closing your business.
2. Establishes Whether You’ll Need to Pay the Ransom
By choosing beforehand if you will pay the ransom, you can react accordingly to the situation. By deciding not to pay the ransom, you may choose to perform routine backups and keep data stored in a way you can access. If you opt to pay for your information, you’ll need to plan what to do if hackers refuse to give you all your material back.
3. Lessens Overall Costs
After preparing for these scenarios, you can lower how much a ransomware attack can cost you. Instead of losing out on an entire month of business, business continuity planning can help you get back up and running in much less time. Having a plan in place may mean not paying the ransom at all. Only 61% of encrypted data, on average, is returned if victims hand over the money.
How to Develop a Plan
Once you’ve seen what ransomware attacks can do to your business, you might be more interested in developing a comprehensive business continuity plan. Here are a few preventive measures and steps you can take.
1. Use Zero-Trust Security Architecture
Many businesses use a castle-and-moat security model. This means no one outside the network is allowed access to anything, but anyone within the organization is. This is flawed because hacks could come from within your network.
Zero trust means everyone attempting access is seen as a potential threat. It establishes trust based on identity, so hacks are easier to prevent, and breaches are more easily located.
2. Use Software and Hardware Against Attacks
With a solid plan for the worst-case scenario, you can prevent the worst from happening. Use anti-malware systems to stop any outside entities from infecting your system.
If something malicious still gets through, you can have both hardware and software firewalls to prevent access to sensitive information. If you anticipate ransomware attacks, you can know how best to hinder hackers.
3. Describe How Long Recovery Will Take
If you’ve still been hacked after deploying these security methods, establish how to begin restoring your data. Figure out the length of time you can be non-operational before it starts to affect you adversely. Find out when the attack occurred and how far back you’ll be able to restore information. Identify how long it will take to erase all malware and reinstate your backups.
Finally, analyze the time it will take to re-enter any lost data. Once you prepare these strategies, you’ll be better equipped to deal with attacks.
4. Perform Frequent Backups
Backups are the best way to restore your data without having to pay a ransom. However, you need to perform backups frequently in order to make them effective in an attack.
How often you do them depends on how much you think gets done in a day, a week, or a month. Would losing even a day’s worth of data be detrimental? If so, you’ll want to consider backing up your computers each day. Also, decide whether you’ll use on-site storage, cloud storage, or both.
5. Disaster Recovery as a Service
More commonly known as DRaaS, this is another form of information backup. Disaster recovery as a service stores your entire infrastructure, meaning you can continue to operate from your service provider’s cloud.
This can help if the time it will take to delete the malware and reinstate backups is too long. Then, once your servers have been restored, any processing or data is transferred to them. DRaaS means you can continue operations almost instantly while working on fixing your home base.
Test Your Recovery Plan to Reduce Ransomware Impacts
When dealing with a ransomware attack, prevention is the best step. Business continuity testing is the best way to fail-safe your strategy and confirm that you will meet your recovery time objective.
Zac Amos is the Features Editor and a writer at ReHack, where he loves digging into business tech, cybersecurity, and anything else technology-related. You can find more of his work on Twitter or LinkedIn.