Reposted with permission from Hartford Business Journal.
This provides some time to figure out what has been affected, said Chris Wisneski, manager of IT security and assurance services with accounting and consulting firm Whittlesey.
Experts also advise contacting your insurance provider immediately.
“The insurer needs to be part of that equation for all manner of reasons, including legal assistance that they can offer,” said Steve Maresca, a senior security engineer at Milford cybersecurity services provider Vancord.
Another key step is to consult a cyber expert to make sure you respond appropriately. Cyber firms can provide incident response assistance, including handling communication with the scammers, investigating the breach and helping with compliance.
For example, employers need to find out their state’s deadline for reporting breaches so they stay in compliance. In Connecticut, employers have no more than 60 days after discovering a breach to report the cyber attack.
If hit with a ransomware attack, employers should seek help and never interact with the attackers directly, experts advise. They also advise against negotiating with anyone making demands.
“Once you start negotiating, they see that, the dark web sees that, and you want to avoid being that company that negotiates and pays out money,” Wisneski said.
Criminals can’t be trusted to decrypt files if you pay a ransom, he noted. Instead, hackers could take the ransom money and still never help an employer retrieve their files.
Entities that have negotiated or paid ransoms typically still lose their data, and immediately get a demand for more money, notes Maresca.
“There’s no real positive outcome by engaging with those who already acted in a nefarious manner,” Maresca said.
The U.S. Department of Health and Human Services recommends having an incident response plan in place as a preventive measure against a cyber attack, noting it can minimize damage.
It also recommends using endpoint security tools to check all points of entry in a network and stop anything malicious. Firewalls and intrusion detection systems can also help block suspicious activity.
A detection and response system, with ongoing monitoring for unusual traffic or logins, is also helpful.
Experts say employees are the first line of defense against attacks, so regular training is needed to boost security awareness.
Wisneski recommends ongoing phishing awareness campaigns to educate workers on what phishing attempts look like, as he said phishing is still the primary way hackers breach systems. He also recommends periodic cybersecurity assessments to gauge risk and fix problems.
Teach employees what to do if there is a problem, including drills or exercises to simulate an actual event, Maresca recommended.
The best way to avoid being impacted by a ransomware attack is to keep solid offline backups of all information, according to Wisneski. Backups allow victims to recover more easily and continue normal business operations, he said.
While not perfect, two-step verification, a password plus a code to enter, can still deflect a large portion of attacks, according to Maresca.
Michael Grande, president and CEO at Vancord, said cybersecurity needs to be ongoing, and companies need to routinely monitor it and make upgrades.