A lot happens before ideas become solutions.
At ElixWare we want to bring you more than just great, affordable software. We want to let you know how and why we do what we do.
Our Ruminations blog will bring you insights into how we got here and some of the things we consider when trying to help you run your business. We hope it gives you a better understanding of how we strive to better serve your needs.
If you're prepared for a business disruption, or a supply chain disruption, then you're prepared to prevent or even respond to a ransomware attack. Ransomware is serious business. But if you're prepared then you've given your small business its best chance of surviving a ransomware attack.
Control what you can control; prepare for the rest.
Ransomware isn't just holding your company's files for ransom. The hackers upload your files before encrypting them. The data from your company will be sold on the black market whether you pay the ransom or not (and you should never pay the ransom). Sure, the hackers say they won't sell your data if you pay up, but you simply can't trust organized crime operators.
Did you know that 80% of organizations that pay the ransom become repeat ransomware customers? So never pay the ransom.
Disruptions to fuel and food suppliers is just the tip of the iceberg. What happens when ransomware hits a major processing center for credit cards? Credit card transactions and ATMs will grind to a halt, and so will our economy. What if ransomware hits a major payroll company? If you think missing a paycheck would be the worst that can happen, guess again. If you have direct deposit the hackers now have your bank account number, routing number, name, SSN, etc. Missing that paycheck will be the least of your worries.
Ransomware isn't just big business, it's become an industry upon itself. With service providers, affiliates, ransom negotiators, customer support and even P.R. efforts.
The best way to protect your company is to be prepared. That means training your staff not to fall for phishing and social engineering schemes. That means having backups that aren't accessible to the ransomware infection. That means having a DRP, BCP and an Incident Response Plan (IRP). That means having cybersecurity insurance that includes ransomware coverage (not all policies do). And that means you and your employees should use strong, secure passwords, and use a password manager application. Read more about password manager options, features and pricing.
Read more about what cyber insurance covers, how much it costs and how much you might need.
Having printed copies of your emergency plans and important business documents is critical. But make sure you also have digital copies of your DRP, BCP and IRP, as well as copies of your important business documents. Do you even know what they are? Things like your insurance policies, deeds or leases, recent tax documents and bank records, any professional licenses, and anything else that you may need in case of emergency. ElixWare will be offering an online safe storage option for small business later this summer.
No matter how prepared you are, if your small business gets hit by ransomware, you're going to be facing a significant, if not fatal, business disruption. If you're not prepared you may be dealing with another 'R' word: regret.
Like many things in life, the work you put in up front makes everything else easier. If your small business is prepared for a disaster or disruption, you'll be grateful for already having made the effort.
You'll need to get your hardware requirements together, source your replacement hardware, set it all up from scratch, and then restore from your backups. But your backups will only get you so far. All the important files that you and your staff keep on local hard drives aren't getting backed up, so now they're potentially infected and cannot be restored. You'll probably be tempted to save some of them, but you should never do it. Are you willing to go through all of this again for what's in those potentially infected and/or booby trapped files? If not, make sure those important files are stored on your network or that your local hard drives are backup up frequently.
I would strongly advise you to pre-qualify one or more local tech support companies to help you with your recovery and hardware replacement. The sooner you're back in business the better your chances of staying in business.
No one likes to listen to doomsayers, even when we know they might be right. Think of preparing your DRP, BCP and IRP as a combination of investing in your business and investing in insurance. Trying to figure out what you're going to do, what your options are and where you can turn are not decisions you want to make in the heat of the moment.
We hope you never need any of the preparation we're suggesting here. But if you ever do, I can guarantee you that you'll feel relieved. And that will be the first 'R' word on your road to recovery.
prev post: Bitpourri - Burgers, Chips and Cookies