In this age of increasing cyber crime, professional service firms either have been victims of ransomware or likely will be eventually. Firms that have experienced the chaos and despair that a ransomware attack causes know that the effects are costly, debilitating, and damaging to a firm’s reputation. Through staff education, comprehensive data protection procedures, and insurance coverage, damages to your firm can be significantly minimized.
Understand what ransomware does
Ransomware is malicious software that digitally locks a victim’s computer system or files until they pay a ransom to have them unlocked. Once the malware gets ahold of an infected computer, it encrypts files and folders on local drives as well as any attached drives, backup drives, and possibly other computers on the same network. Afterward, users cannot access their data and receive extortion demands. A ransom message demands payment to unlock encrypted files.
A ransomware attack can be terrifying—the encrypted files can essentially be considered damaged beyond repair. With that damage, a firm could be exposed to tremendous internal costs, lost productivity, breach of contract claims, and even allegations of negligence in the firm’s performance of professional services. With proper preparation, it can result in nothing more than a nuisance.
Provide employees with necessary education
One of the most effective ways businesses can protect themselves against ransomware is to put employees through an effective security-awareness training program. Often, firms rely upon software as a prophylactic for these types of situations. But software by itself is not enough; users must be trained to prevent such attacks from happening in the first place.
Much of this protection is based on appropriate internet usage. Employees should understand that pop-up blockers help in preventing the spread of malicious software. To avoid accidental clicks within pop-ups, it’s best to prevent them from appearing in the first place. Employees should also constantly be reminded not to open attachments in unsolicited emails, even if they appear to come from someone in the firm or on the employee’s contact list. Clicking on a URL in an unsolicited email is far more dangerous than closing the email and going to a website directly. The same precautions should also be used on a mobile phone when using the internet.
Follow deterrent and back-up procedures
The greatest deterrent to the damage that ransomware can cause is having a regularly updated back-up. If a firm can return its system to a restoration point or clean up its system and restore lost documents from back-up, it can prevent much of the costly disruptions caused by an attack. A regular back-up regimen to an external drive or back-up service—one that is not assigned a drive letter or is disconnected when it is not performing back-up—is essential. The firm should have the back-up system outside the firm’s network where hackers cannot reach because back-ups that are easily accessible to a ransomware-infected computer might be encrypted along with the files that they are intended to duplicate.
Backing up content is not a static process. Firms should be able to perform back-ups in real time and test those back-ups. That way if a firm is targeted, instead of paying a ransom to get data back, the firm can have its system wiped clean and files reloaded.
There are a number of other things firms can do to help prevent malware infections. For example:
- use up-to-date security software,
- turn on the firm’s firewall,
- limit user privileges,
- use trusted locations for enterprise files, and
- enable automated patches for operating systems and web browsers.
Many firms have found ways to break their network into smaller parts instead of having everyone use a single server to access files. That way, even if a server gets infected, it will not spread ransomware.
Prepare firm staff for the business risk of ransomware
Not all ransomware is identical. The forms are constantly changing and becoming more sophisticated. They also are becoming easier for cyber criminals to use. The key thing that makes a piece of malware ransomware is that it attempts to extort a direct payment from the firm. The key thing that make ransomware a manageable risk is preparation and proper insurance coverage.
Recognize insurance as an essential protection
Too often, firms think that professional liability insurance covers all of their exposures; that is not the case. Coverage only applies if the underlying cause of action was based on a wrongful act or omission in the performance of professional services and not on a wrongful act or omission in the operation of a business that happens to provide professional services. That is why Victor offers a comprehensive cyber protection package. The Victor Cyber Protection Package includes the following:
- Breach Rectification Including Digital Property Replacement Coverage: The policy includes coverage for business interruption and digital asset loss, including tools to get a firm back to productive service as quickly as possible and protecting the firm’s reputation. Coverage includes digital property replacement that pays the reasonable and necessary cost to replace, restore, or reconstitute digital property from written or electronic records.
- Cyber Breach Response Team: Coverage includes access to expert risk management tools that can decrease a firm’s exposure by providing industry-specific guidance. If a ransomware event occurs, an expert team provides legal services and technical support. The team works closely with the firm and with forensic and crisis management consultants to identify the cause of the breach, determine its scope, and formulate the appropriate response. In the event of a breach, a privacy attorney will be assigned to the case and promptly respond to and investigate any event.
Victor and CNA work with the AIA Trust to offer AIA members quality risk management coverage through the AIA Trust Professional Liability, Cyber Liability, and Business Owners Insurance Programs to address the challenges that architects face today and in the future.