Posts Tagged ‘Business Continuity Plan’

Help The FBI Find A Defense Against Ransomware

Monday, September 19th, 2016
Help Fight Ransomware - Ohio CPA Firm

The FBI recommends users consider implementing prevention and continuity measures to lessen the risk of a successful Ransomware attack. Keep reading to find out how you can help the FBI combat the threat of Ransomware.

The FBI recently released a public service announcement urging victims of Ransomware attacks to come forward and report these cyber infections to federal law enforcement. Doing so, the FBI said in a statement, will “help us gain a more comprehensive view of the current threat and its impact on U.S. victims.

Read Also: Could Your Company Be Ransomware’s Next Victim?

A Closer Look At Ransomware

A computer infection that has been programmed to encrypt all files of known file types on your computer and your server’s shared drive and making them inaccessible until a specified ransom is paid; Ransomware is a very real threat to all businesses nationwide. Once a computer is infected, which usually happens once a user clicks on a malicious link, opens a fraudulent email attachment or unknowingly picks up a high-risk automatic download while surfing the web, it’s all but impossible to regain access to the data that has been infected. Upon discovering that your computer has been infected, you have two choices. You can either:

1)     Restore the machine by using backup media, or

2)     Accommodate the hacker’s demands and pay their ransom.

And both options are less than ideal.

What To Do If Your Company’s Network Becomes Infected

Ransomware infections were at an all-time high in the first several months of 2016, according to various cybersecurity companies, and because new Ransomware variants are emerging regularly, the FBI needs your help to determine the true number of Ransomware victims.

“It has been challenging for the FBI to ascertain the true number of Ransomware victims as many infections go unreported to law enforcement,” the agency stated in its recent announcement. “Victims may not report to law enforcement for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment. Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.”

Read Also: How Much Is Your Data Worth To Criminals?

Reporting a Ransomware attack on your company’s network is not only beneficial for you, the information you provide will help the FBI as it works to identify ways to prevent future attacks. Your reports will:

  • Provide law enforcement with a greater understanding of the threat
  • Help justify Ransomware investigations
  • Contribute relevant information to ongoing Ransomware cases

Help Arm The FBI With Information

The recent PSA released by the agency requests that all Ransomware victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center. Be sure to have the following details available and ready to provide to the respondent when prompted (if applicable).

  1. Date of Infection
  2. Ransomware Variant (identified on the ransom page or by the encrypted file extension)
  3. Victim Company Information (industry type, business size, etc.)
  4. How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
  5. Requested Ransom Amount
  6. Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
  7. Ransom Amount Paid (if any)
  8. Overall Losses Associated with a Ransomware Infection (including the ransom amount)
  9. Victim Impact Statement

The FBI recommends users consider implementing prevention and continuity measures to lessen the risk of a successful Ransomware attack. Click here to read the FBI’s complete announcement.

To learn more about protecting your business from cybercrime, download the free whitepaper, “Cybercrime: The Invisible Threat That Haunts Your Business.”

Share Button

Could A Cyber-Attack Cripple Your Business In 2015?

Tuesday, December 30th, 2014

As we embark on a new year, many of us will set personal goals for ourselves or renew commitments to objectives that may have eluded us over the last year – and if you are a business owner you probably have a whole other list of initiatives to conquer in 2015. But before you dive into a new campaign, product launch or acquisition, take a moment to reassess your business’s disaster recovery and business continuity planning. Doing so could save you from unforeseen financial hardships that could devastate your bottom line.

From eBay’s server breach early in 2014 to the recent Sony Pictures hack, this year major U.S. companies found out that even the best defenses cannot guard against attacks carried out by a determined hacker (or hackers). And if these large-scale businesses are vulnerable, how is your small to midsize business expected to recover? In addition to building up a solid defense to these types of threats by employing firewalls and antivirus software, businesses with a solid business continuity plan are more likely to recover if (and when) a disaster does strike.

Plan For The Best – Expect The Worse

Could you recover from a cyber-attack or data breach? Do you have a plan in place to not only shield yourself from threats, but to swiftly respond and recover? The ISACA, an organization that engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems, encourages business owners to take a proactive stance when guarding against disasters – online and offline. If you are unsure whether your business could recover, ask yourself these questions.

  1. Do you have a thorough understanding your business’s activities, including which ones are critical to support your overall operations while satisfying your customer’s expectations?
  2. Do you know what data you need to support your business’s critical operations and do you know where this data is kept?
  3. Do you have a clear understanding of the effects of downtime within your business and, using this information, are you able to identify where you are most vulnerable?
  4. Do you have current infrastructure in place to protect your business and data against hackers and viruses?
  5. Do you consider business continuity to be a priority to your business?
  6. Do you have a documented plan in place to guide all aspects of your business through a major emergency? How about smaller disruptions like organizational, process and technology changes?
  7. If a disaster were to strike today would you be able to recover quickly while protecting the best interests of your customers and business stakeholders?

If you answered no to any of these questions your business may find itself susceptible to risk and unable to recover from a cyber-attack or data breach. Make business continuity a priority in 2015. Email Rea & Associates for more information on how you can protect your business against countless internal and external threats.

By Joe Welker, CISA (New Philadelphia office)

 

Related Articles

How Prepared Is Your Business For A Potential IT Disaster?

How Can Heartbleed Affect You And Your Business’s Online Identity?

How Can I Protect My Business From A Data Security Breach?

Share Button

How Prepared Is Your Business For A Potential IT Disaster?

Tuesday, September 9th, 2014

Natural disasters. Hardware meltdowns. New variants of viruses and malware. Unfortunately, we live in a day and age where anything can happen. It’s critical that your business is on its toes, ready to tackle any potential disaster or crisis that may come your way. But is it? If your business’s computer systems crashed tomorrow, how easy (or even possible) would it be for your business to recover? Has your business ever given thought to a disaster recovery (DR) plan? Do you have one of these plans?

It’s National Preparedness Month. A month where government agencies and businesses alike work to educate companies and organizations about the importance of being prepared whatever may come your business’s way. In honor of this month, below are five reasons why your business should create (if you don’t have one) a disaster recovery plan

Top 5 Reasons For A IT Disaster Recovery Plan

A Gartner report estimates that only 35 percent of small- to medium-sized businesses (SMBs) actually have a working and comprehensive DR plan. And from its research, Gartner also found that 40 percent of SMBs that manage their networks and Internet usage in-house will have their networks hacked, and more than 50 percent won’t know they were hacked. Pretty sobering statistics, right? There are many reasons why having a DR plan is a wise business move. In fact, here are the top five reasons why a DR plan is imperative to the success of your business:

  1. You can’t control when a disaster happens – it can happen at any time. Disasters can be natural or man-made – either way, you don’t have control over when it could happen. A DR plan will help you be prepared for anything at any time.
  2. A DR plan can help you save thousands, possibly even millions, of dollars in the event of a disaster. When a disaster strikes, it’s usually not a cheap fix. Depending on its severity, many businesses’ budgets are hit quite hard. And if this is an unexpected expense, it’s that much harder to make a complete recovery.
  3. You can mitigate your losses with a DR plan. Money isn’t the only thing at stake during a disaster. Don’t forget about the trust and confidence of your customers, employees, investors, vendors – the list goes on. A DR plan can help you retain your critical audiences during a disaster.
  4. A DR plan can help you reduce confusion among your staff and audiences. When a disaster hits, imagine the confusion and uncertainty that comes with it. In some cases, it may seem like you have no control over the situation. A DR plan can help you have an organized approach to resolving the disaster.
  5. The government may require businesses within your industry to develop and utilize a DR plan. If your business handles sensitive customer information or other information that could be critical if lost, the government may require you to have a formal DR plan, which should include yearly testing of offsite back-up recovery data.

Does your business have a DR plan? If not, you need to create one. Email Rea & Associates for more information about what to include in your plan. If you already have one in place, first pat yourself on the back, and then review it to ensure that it reflects your business’s current environment. Detailed and tested plans are imperative to the successful recovery and even for the longevity of your business.

Author: Joe Welker, CISA (New Philadelphia office)

 

Related Articles

New Form Of Malware Catching Retailers Off Guard

How Do You Protect The Value Of Your Business

What Are Some IT Audit Tips That Can Keep You Off Santa’s Naughty List?

Share Button