Ransomware is a serious cyber-attack in which an organization's systems can be locked, its files encrypted and, even worse, its sensitive data stolen. As your organization can hold very sensitive personal and financial data, the worst thing that can happen is this data being sold on the dark web, or even published on public websites. This would not only be a serious breach of privacy, but can pose significant reputational risk for your society and cause substantial financial hardship.


Of course, the cyber-criminal can make these problems all go away for a ransom fee. They promise that they will provide passwords to unlock your systems, provide keys to decrypt data, and ensure the data that they stole will be deleted. Would you trust a cyber-criminal to deliver on what they promise?


We strongly recommend that your society take steps to reduce your risk of exposure and practice good security hygiene:


  • Have a good data backup procedure, including daily, weekly and monthly backups. Practice recovery on a regular basis.
  • Ensure the anti-virus/malware protection on your servers, desktops and mobile devices, along with operating system updates, is always current.
  • Have good cybersecurity awareness within your organization.
  • Ensure that system privileges are appropriate. Not everyone needs to be an administrator.
  • Ensure that administrative passwords are locked away in a safe place and only used if necessary.
  • Implement password complexity and multi-factor authentication technology.
  • Ensure firewalls do not have any unnecessary access points open. Prioritize safety over convenience.


In this time of increased remote working, ensure remote access technologies that have been put in place are architected and implemented in a very secure way. If you haven’t already, consider a move to Microsoft Office 365 for your email and files. We also recommend the Exchange Online Advanced Threat Protection service for an extra layer of email protection.


Please work with your IT Department or IT Service Provider to ensure you have taken all the steps to reduce your risk as much as possible. We are also available for guidance, consultation and training. At the end of the day, nothing is 100%, but doing what you can to protect your organization, clients and employees goes a long way.


If you suspect you have been hit by a ransomware attack, we have created the Cyber Attack Incident Response Guidesheet to guide you. Also, feel free to contact us directly if you need help.

Source: Mike Klein, Chief Information Officer, BC Housing Management Commission. October 14th, 2020
