Ransomware. It is the word every corporate board and IT team fears. Ransomware is a type of malicious software that can quickly shut down an entire network of computers and compromise an enormous amount of critical data. Often, when a ransomware attack occurs, all connected systems are locked down and a message appears on the victim’s screen stating that the victim’s system has been encrypted and that the victim’s data has been compromised. The attacker threatens to publish or delete the stolen data and systems unless the victim pays a ransom, which is typically demanded in the Bitcoin currency.

On May 12, 2017, they now-infamous WannaCry ransomware attack caught worldwide headlines when attackers compromised over 230,000 computers in over 150 countries by exploiting a vulnerability in certain versions of the Microsoft Windows operating system software. Many experts in the cybersecurity industry predict that 2017 will be the year of ransomware.

Unfortunately, most companies are unaware of how to respond to or prevent ransomware and other cyberattacks. This post provides simple, yet key steps that should be taken to prepare for and minimize the risk of a business-disrupting cyber attack:

  1. Invest in cybersecurity. There is no “silver bullet” program that will prevent a cyberattack or ensure the complete security of your system.  However, there are many industry-tested and trusted programs and services available to protect your systems. Research the right security programs for your business and invest wisely. Also, understand that the cyberattack landscape is ever-evolving. Remain current with emerging threats. Cybersecurity is a process, not a single product or program.
  2. Update software regularly. WannaCry exploited a vulnerability in Microsoft Windows software. By installing readily available security patches, companies could have protected themselves from the attack. However, many companies had not installed the updates and patches and found themselves to be the unfortunate victims of theft and extortion. Update or remove outdated software.
  3. Create off-network, secure backups of data and programs regularly. When a ransomware attack occurs, one of the first and most pressing orders of business will be to restore the system and data without having to pay the attacker. This is possible only if you have secure and up-to-date backups readily available. Generally speaking, these backups must be separate from the compromised network or they too will be inaccessible.
  4. Conduct periodic system audits. Even if you have the best security software available, vulnerabilities arise and hackers seek to capitalize upon them.  Invest in IT audits to identify system weaknesses and address them quickly. Conduct penetration testing and track outside attempts to attack your systems.
  5. Address cybersecurity risks in all vendor, software and service-provider contracts. Most companies have a number of different software providers, service providers and other vendors who have access to their IT systems. Yet, they often overlook cybersecurity issues in their contracts. It is critical to ensure your vendors also have industry standard security protocols in place to protect you. You can also include a variety of contractual provisions to ensure you are protected and your own risk is minimized in the event of an attack.
  6. Assemble a response team and plan. Have an experienced legal and forensic team lined up before you need them. When a ransomware attack occurs, you’ll need an internal C-suite team, as well as experienced cybersecurity attorneys and an IT forensic team who can assist you. Ideally, these professionals will have relationships with law enforcement and other professionals who you may need to call upon.
  7. Know what a Bitcoin is and how to obtain them. Do you know how to get 300 Bitcoin if needed?
  8. Create a public relations response plan. You will need to tailor it to your circumstances, but ransomware attacks happen quickly and can rapidly become public. Be ready to respond quickly and appropriately.
  9. Educate your employees. Cyberattacks are often caused by human error.  Educate your employees to help minimize the risk of an attack. Your employees are often your first line of defense and can spot malicious emails and suspicious activity.
  10. Obtain cyberliability insurance. Cyberliability insurance can’t prevent a malicious attack, but it can offset some of the enormous expense that can come with an attack.

Internet search giant Yahoo!Inc. (“Yahoo”) revealed last year that it was the victim of two massive data breaches back in 2013 and 2014 that potentially affected more than 1.5 billion users. Investigations into the incidents continue to reveal potentially damning information regarding what the company knew and when, how the company responded to the breaches, and the status of Yahoo’s information security at the time of the breaches. The details that have emerged paint the picture of a company that failed to adhere to basic data security requirements. Unfortunately, the technology company will likely become a case-study in what happens when an organization fails to follow security best practices.

Continue Reading Yahoo Data Breaches: A Lesson in What Not to Do

China-Great Hall of the People-163174307The newly passed cybersecurity statute of the People’s Republic of China will take effect in June 2017, and it is expected to have a significant impact on multinationals doing business in mainland China. The law affects both domestic and foreign companies operating on the Chinese mainland and covers a wide range of activities including the use of the Internet, information and communications technologies. The difficulties with determining the steps needed to comply with such sweeping changes are only complicated by the fact that a large number of key terms in the law have yet to be clearly defined. As a result, China’s new cybersecurity statute will continue to evolve as the national government interprets it.  This post endeavors to summarize some key provisions that are worth monitoring in the next few months. Continue Reading Costs and unanswered questions of China’s new cybersecurity regime