How To Prepare For A Potential Cyber Attack
A month ago, the news in the Philadelphia area covered a ransomware attack on a local school district. The Souderton Area School District was forced to close the school for a couple of days and deal with the consequences. While a successful attack will almost certainly result in some downtime, having proper preparations in place can help to save a lot of time and money.
What Is Ransomware?
Ransomware is a type of attack that locks up files and devices, forcing the user to pay the attacker big money to regain access to them. Even then, many users can only hope that they will not be attacked again.
While all that sounds scary, there are ways to mitigate the risk of a successful attack and ways to minimize both the time and money that it takes to recover from such an attack.
At about the same time that Souderton suffered a ransomware attack, Flagstaff Unified School District in Arizona was dealt a similar blow. They too were the victim of a ransomware attack, and drew attention for how well prepared they were and how smoothly the issue was dealt with. The district's response rested on a three-pronged approach: network segmentation, backups and a plan of action in place ahead of time.
Segmenting a network means that not all devices on the network are able to communicate directly with each other. If the devices in one segment become infected, they are unable to spread the infection to devices in other segments. By segmenting their network, Flagstaff Unified was able to keep parts of their district running while the issue was being addressed.
In Volume 7, Issue 11 of Tech Talk News (which can also be found on the Newsletter page of the Ridge Support website), we discussed unified threat management (UTM) products offered by Sophos. By enabling both the endpoint antivirus and the XG series firewall from Sophos at your organization, the security on your network can learn about an infection and automatically segment the infected devices from the rest of the network, oftentimes even before the user realizes there is an issue.
With many types of issues, particularly ransomware, the cheapest and most effective solution can be to clear and reset the device or even get an entirely new device. This is where the backups come in. Taking regular backups allows the device to be restored to the state it was in prior to the infection, meaning that many files and settings can be brought back without the need to spend days recreating documents and/or customizing the device.
For further information on backups, please take a look at Volume 7, Issue 2 of Tech Talk News. This can be found on the Newsletter page of the Ridge Support website if it is not still in your inbox.
Plan of Action
The final piece of the puzzle is to have a contingency plan in place. This is not nearly as common as it should be. For many emergencies like fires or tornadoes, organizations create contingency plans and educate everyone on what they are expected to do in the event that such a situation occurs. Despite this, many organizations fail to implement a plan for their IT infrastructure. Wouldn't you consider it an emergency if your organization suddenly had no internet, no access to files or no ability to use its computers?
Flagstaff Unified had a plan of action in place. The staff of the district knew exactly how to respond and was able to minimize both the time and cost needed to overcome this emergency. In their case, the district had planned for a few extra "snow days" in the event of an issue like this, so their budget and schedule could be prepared.
If your organization lacks an emergency plan for a potentially major issue with your network or IT infrastructure, consider reaching out to your IT vendor to discuss developing such a plan.
We here at Ridge Support are happy to answer any questions you may have as well as assist with the implementation of a UTM like Sophos, the creation of backups and the development of an emergency plan. It is our goal to ensure that your organization is as well protected as possible.