'ransomware' - We’re making the buzzword manageable for CISOs
We’re not in the business of sugarcoating things.
Even if we were though—there’s no sugar-coating this one:
Ransomware threats like CryptoLocker, Cryptowall, and Locky are the real deal—and they’re not pretty. Anything that can knock out your network and
access to information in seconds should be treated seriously—though oddly enough, few businesses seem to realize the very real threat that these viruses are —to the cheapest consumer or the largest Fortune 500 Company.
Viruses aren’t picky. They’re automated extortion machines.
Now, for companies in the medical sector—the stakes have been raised.
The HHS has mandated, as of this July 2016, that Ransomware attacks are a reportable breach.
What that means is: If your company is under HIPAA, and is struck with a Ransomware strain—you may be responsible to report this to the HHS (to face potential fines) and to all customers in your database.* This doesn’t even include what could be a Herculean effort just to get the lines rolling again. And how are you planning to notify your patients—if you can’t even access your personal contacts in Outlook?
More than one of these instances in a year, and your company could throw in the towel. Even if it doesn’t -your CISO might.
Not all is gloom and doom though—this is a battle with two sides. The other side is your IT team.
Being a Managed Service Provider ourselves (credentialed IT team that handles multiple companies’ infrastructure) we have been brought on the scene in the aftermath of these incidents. One unnamed company that is now our client was hit twice with Ransomware, before they hired us full-time to monitor their network proactively. That was last year, and they have not been struck
The key word there is ‘proactive’.
Long gone are the days when an executive of a company in a billion dollar industry can hire his nephew to come repair a few PC’s with sticky keyboards and a couple of trojans. That’s now a strategy set for failure. Defense and employee training are now the must-have weapons in the IT team’s arsenal. The layers of security mentioned here are needed to weather this storm. Is your current IT team doing what is needed to protect your company? Or have you already been hit?
- Robbie Pence
Technician, Trainer, Editor.
We write articles like these because we care about the state of corporate IT.
But writing isn't the only thing we do - our expertise comes from being in the industry since 1986.
We are an MSP, and we offer a wealth of services - from managing your corporate IT, to preparing your network to pass PCI-DSS or HIPAA compliance. If that sounds like something you need, click here to learn more, or reach out to us right now by clicking here.