
VISORIE

Business Strategy & Consulting


What Is Your Ransomware Plan?

October 17, 2020 by Jim Ramsey

Reports of ransomware attacks continue to pepper the news and victim companies are suddenly faced with big decisions. To make things even more complicated, the US Treasury recently issued new guidance urging people not to pay hackers, noting that businesses could face civil penalties if they pay ransoms because of the possibility the hacker groups may be affiliated with sanctioned nation-states (like Iran).

Given all the craziness in 2020, it is imperative you devote some of your time to this topic right now. As a decision maker, your first job is to set expectations for your organization with respect to information security, which starts with developing and implementing a policy.

Well before making any investments in security technology and processes, you should seek assistance to fully understand the risk you may be exposed to.

What do you do after setting a policy? I recommend a cybersecurity assessment because it enables you to understand your risk profile. The outcomes of an assessment guide you in making smart investments in cybersecurity. Knowledge of the threat landscape, and of where your risks exist, enables you to allocate investment more effectively. Every company has a different risk profile, depending on its business structure, philosophy, organization and technology capabilities. A major risk area is a lack of awareness within your organization of the techniques cyber criminals use to gain entry to your network and data via email phishing and/or social media. Other key areas include:

  • System software patching and upgrading
  • Authentication and credentials management
  • Network segmentation and monitoring
  • Endpoint security
  • Data backup and restore capability

Companies that experience ransomware attacks would likely cite these points as vulnerabilities. Reportedly, Tyler Technologies ended up paying the ransom, a position no business owner wants to find themselves in.

The first step I recommend is an assessment and penetration (“pen”) testing. Pen testing is essentially ethical hacking. It involves engaging a third party to expose any security vulnerabilities that may exist by attempting to hack into your systems. If these vulnerabilities can be proactively identified and addressed, the damage can be reduced, or the attack itself even prevented. The cost of pen testing is a small fraction of the potential damage from a ransomware attack.

George Bower is an expert in this area. He’s the CEO of Axis Technologies, and in our cybersecurity webinar he walked us through a few best practices:

  • Implement Single Sign-on (SSO) and Multi-factor Authentication (MFA) for access management
  • Use strong passwords
  • Implement a company-wide VPN, and never use public Wi-Fi in airports or hotels
  • Make sure your backups are working, and test your ability to restore from time to time

In the next couple of weeks, I’ll dive deeper into cybersecurity. We received a lot of questions and feedback from the webinar, and I encourage you to reach out to me if I can answer any questions.
