The Importance Of Your Ransomware Response


Getting it wrong could mean costly penalties.

Ransomware is a topic I’ve covered often in the recent past, so often that you’ve probably read, or at least seen, a few of those posts (this one, or this one, or maybe even this one, to name a few). It comes up so frequently it sometimes feels like a broken record, so as a rule of thumb I try to limit how often I bring it up. And yet, it’s a persistent issue that needs regular attention.

As long as there’s nothing exceptional or new about a given ransomware strain, dealing with it means following mostly the same old mantra:

  • Make sure you have backups
  • Test your backups
  • Secure your backups
  • Use antimalware wherever possible

These are great for avoiding infections and limiting their damage, but in addition to all of the above, you need a plan for what to do if you do get hit by ransomware.
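The second and third items in that list are the ones most often skipped. "Test your backups" means more than confirming the job ran: a restore should be checked against a record of what the data looked like when it was backed up, because ransomware frequently encrypts or tampers with backup sets before the victim notices. The following is an added example, not code from the original post or from TRINUS, showing one way to do that check: record a SHA-256 manifest at backup time, store it separately from the data, and compare a restored tree against it. File names and the simulated damage are constructed for the demonstration.

```python
"""Added example (not from the original post): verify that a restored backup
matches a hash manifest recorded when the backup was taken. Catches files
that were encrypted, truncated, dropped or added between backup and restore."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups don't need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file (path relative to root, '/' separators) to its digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(restored: Path, manifest: dict) -> dict:
    """Compare a restored tree against the manifest saved at backup time.

    Returns {"ok": bool, "modified": [...], "missing": [...], "extra": [...]}.
    'modified' is where encrypted files show up; 'extra' is where ransom notes
    and attacker tooling show up; 'missing' catches deleted or partial restores.
    """
    current = build_manifest(restored)
    modified = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    missing = sorted(k for k in manifest if k not in current)
    extra = sorted(k for k in current if k not in manifest)
    return {
        "ok": not (modified or missing or extra),
        "modified": modified,
        "missing": missing,
        "extra": extra,
    }


def demo(tamper: bool = True) -> dict:
    """Constructed scenario: back up two files, optionally simulate a ransomware
    run that overwrites one file and drops a ransom note, then run the check."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "data"
        src.mkdir()
        (src / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "notes.txt").write_text("quarterly review\n")

        # The manifest lives beside, not inside, the data set. In practice it
        # should be written to a location the backup host cannot later modify.
        manifest_path = Path(tmp) / "manifest.json"
        manifest_path.write_text(json.dumps(build_manifest(src)))

        if tamper:
            # Simulated damage: ledger replaced with ciphertext-like junk,
            # a ransom note added. Neither should pass a restore test.
            (src / "ledger.csv").write_bytes(os.urandom(64))
            (src / "README_RECOVER.txt").write_text("pay up\n")

        saved = json.loads(manifest_path.read_text())
        return verify_restore(src, saved)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run as a script it prints the verification result for the tampered scenario: `ok` is false, `ledger.csv` is listed as modified and `README_RECOVER.txt` as extra. Scheduling this after every test restore, and alerting when `ok` is false, turns "test your backups" from a checkbox into evidence you can point to during an incident.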

The purpose behind having a plan is simple. Certain types of data and certain industries carry specific legal requirements when a data breach occurs, and part of having a plan means you’ve already looked into those requirements, answered the open questions, and settled on a course of action. It’s far easier to stay on the right side of the law and minimize your damages when you sort this out ahead of time rather than in the middle of an incident.

In fact, it’s those breach requirements that I want to discuss this week. If you suffer a breach and find that sensitive data (personally identifiable information, for example) has been accessed, you may be obligated to disclose it. Other obligations may include a time limit (once you discover the data has been accessed, you have a set amount of time to notify those affected) and a duty to tell affected clients what they can do to protect themselves, based on what was accessed.

When you think about it, these requirements actually make sense. If you’re in charge of important data and someone who should not have access gets their hands on it, you need to let people know, and quickly. This means you need to give useful and clear advice based on the information that was accessed. Here’s where we run into a problem.

You may remember a recent, fairly major breach at the cloud software and hosting company Blackbaud. An attacker got into their infrastructure, then into several customer environments, and took a look at all sorts of information. Blackbaud did not disclose the full impact despite knowing that more data had been accessed than they were admitting to. Not only are they now being sued by multiple victims in different countries, the SEC also just slapped them with a $3 million penalty for misleading statements in their disclosures.

Now, Blackbaud may be an American company, but they are being sued in Canada, under Canadian law, by Canadian customers. Depending on the type of data that was accessed, different Canadian laws and regulations impose different requirements. Look into them and come up with a plan ahead of time so you can hopefully avoid being sued for failing to properly protect people’s data and fined for not fulfilling your minimum obligations.

This week’s Shakespeare quote comes from ‘All’s Well That Ends Well’: “The web of our life is of a mingled yarn, good and ill together.”

If you’d like help preparing a ransomware recovery plan, backups, or any other security issue, contact the experts at TRINUS and get yourself some stress-free cybersecurity today.


Be kind, courtesy your friendly neighbourhood cyber-man.
