Ransomware has quickly become a rising threat across all industry lines. Recent research suggests these attacks have surged by 150% in the past year alone, with the average victim payment increasing by over 300%.
These developments in cyber risk reinforce the need for board members to be actively involved in all cybersecurity development and promotion. Review the following questions, which we recommend board members address as they establish a culture of cybersecurity preparedness.
1. How can our organization improve ransomware threat detection?
A ransomware attack occurs after a cybercriminal gains access to a target’s network, system or data. After securing entry, the attacker typically waits an extended period (the dwell time) before deploying the ransomware and carrying out the attack.
The dwell time may provide potential victims an opportunity to detect ransomware before the attack occurs. Board members should ensure early ransomware detection measures are employed, including:
- Maintain an up-to-date inventory of workplace technology so that potential ransomware entry points can be identified.
- Deploy antivirus and malware detection software on all workplace technology and keep it regularly updated.
- Monitor critical technology, systems and data consistently for suspicious activity.
- Establish thresholds for when senior leadership must be notified of ransomware threats.
- Provide employees with proper training and ransomware reporting protocols.
2. How can our organization lessen a ransomware attack’s damages?
The top priority with any ransomware attack is minimizing damages. Board members should verify the implementation of these procedures:
- Encrypt data so that it is harder to compromise if accessed.
- Restrict employee access to workplace technology, systems and data. Only allow access on an as-needed basis.
- Require employees to provide proper credentials and multifactor authentication when accessing workplace technology, systems and data.
- Segment workplace networks so that cybercriminals cannot gain full access after compromising a single network segment.
3. Does our organization have an effective cyber incident response plan in place?
A cyber incident response plan helps organizations react appropriately and mitigate losses amid cyberattacks. Board members should proactively collaborate with organizational leaders to establish a robust cyber incident response plan and outline:
- Designated members of the cyber incident response team (e.g., board members, department leaders, IT professionals, legal experts, HR specialists).
- Roles and responsibilities for each member of the cyber incident response team.
- The organization’s primary functions and how operations will continue through an attack.
- Communication regarding how critical workplace decisions will be made during an attack.
- A timeline and means to inform stakeholders (e.g., employees, customers, shareholders, suppliers).
- Any federal, state and local regulations the organization must follow when responding to an attack (e.g., incident reporting protocols).
- Parameters for when and how the organization will seek additional outside recovery assistance (e.g., law enforcement, insurance professionals).
Cyber incident response plans should regularly be reviewed and updated, as needed, to ensure effectiveness. Tabletop exercises and penetration testing are two effective methods to assess cyber incident response plans.
4. Does our organization’s cyber incident response plan adequately address ransom demands and the recovery process?
Board members must determine their willingness to pay cybercriminal ransom demands. This can be a difficult decision when data is sensitive in nature or critical to overall operations. Most cybersecurity experts advise against complying with ransom demands, as there is no guarantee cybercriminals will remove the ransomware.
Board members must also help prepare their organization for a lengthy ransomware recovery process. Restoring compromised data could take several weeks or months. Procedures should be in place to maintain operations and minimize reputational damage during this period.
5. Are all of our data backup protocols sufficient to protect against ransomware threats?
Backing up important data can help maintain access to essential files and information during cyber incidents. However, poor data backup protocols are easily exploited by cybercriminals and fuel ransomware attacks. Therefore, board members should ensure their organizations follow these data backup security procedures:
- Conduct data backups on a routine schedule. Back up critical data more frequently.
- Store data backups offline, separated from other workplace systems and networks.
- Only allow trusted and qualified employees to perform data backups.
We’re Here to Help
Board members provide leadership and direction for the success of the organization. Unfortunately, exposures, including cyber liabilities, can lead to claims and legal complications for directors and officers. For more risk management guidance to protect your board of directors, connect with a member of our team.