In January, a vicious ransomware virus targeted our company, Bag Makers (asi/37940). This attack crippled our business-critical systems for more than a week, but we survived and gained new insights into our IT security plan. Every company in our industry should be prepared for this kind of cyberterrorism. It’s becoming the unfortunate new reality in today’s digital world. Here are some takeaways we can share to help you protect your business.

Chief Technology Officer Jeremy Bayness, Bag Makers

Ransomware, Malware, Viruses, Trojan Horses
All of these are a threat for every company in existence today. The lure of easy money, theft of proprietary intellectual property, or the pure thrill that threat actors (hackers) get from infiltrating systems makes this an issue every IT department will need to battle for the foreseeable future. While the standard viruses of yesteryear are still around, the major threat now is customized malware built for targeted attacks. These can run silently and avoid detection by standard antivirus programs.

Are You Stopping Threats at Your Endpoints?
Any computer with an internet connection is a targetable endpoint. It’s important to keep up with the latest manufacturer updates since new exploits seem to pop up daily, but patching systems can lead to crashes. Before you deploy, test your patches in an isolated sandbox testing environment to protect your production servers. Lock down your firewall and make sure the correct staff receive threat alerts.

Also, analyze whether standard antivirus and malware monitoring solutions offer enough coverage for your environment. If not, consider “Next-Generation” antivirus solutions – advanced protection that incorporates new technology and comes with 24/7 monitoring.

Security Is Only as Strong as Your Weakest Link
What is your weakest link? Humans. Illegitimate phishing emails look more sophisticated every day. Our IT team regularly educates staff about fraudulent email attempts and shares examples to watch for. Despite these efforts, a malicious email was opened by one of our employees, and it released a ransomware virus that spread rapidly across our systems and encrypted our files.

Consider using a third-party employee-training service that educates staff about methods hackers use to gain unauthorized access to networks. Every employee with a work computer should sit through this mandatory training at least once or twice a year, from C-level executives to interns. I’ve been an IT professional for more than 20 years, and even I didn’t get a perfect score on my last test. We’re implementing more comprehensive training, and we encourage you to do the same.

Also, enable multi-factored authentication for, at a minimum, any global admins and C-level executives. This can help prevent unauthorized access and prevent an attack from gaining a foothold.

Backup, Backup, Backup – Then Back It Up Again
The general rule of thumb for backup strategy follows the 3+2+1 theory: three copies of your data on two sets of media with one set being stored offsite. Your backup software makes the first copy, which is then transferred to disk on another server before being backed up to tape. Then, upload a copy to a secure cloud for final redundancy. We had data replication set up to an offsite disaster recovery site, forgoing traditional tape backups. Guess what? The cybercriminals targeted that data as well. Tape backups and an air-gapped solution are an absolute necessity.

Also, backups are only as good as your last validation. You may feel confident because your system has been set up for years and you get success emails daily. But have you ever tried a full restore? You better. Don’t fall into the trap of complacency. Verify the integrity of your backups at least quarterly.

Finally, consider storing certain data outside of your systems. In the midst of the attack, our company was able to reassure customers that our email is housed offsite, as is all customer financial data and personal employee information.

Get Cyber Insurance Now
As high-demand attacks continue to proliferate, the cost of these business insurance add-ons will rise. The cost of not having it can be disastrous. Fortunately, Bag Makers added cyber insurance to our portfolio over five years ago. It was essential to our recovery. If you follow no other steps in this article, please reach out to your local insurance carrier and get a quote if you don’t already have it. It can save your company.

Be Ready to Act Fast
There are a million things you can do to harden your environment from threat actors. Yet, you might still miss one and, boom, you’re infected. Be prepared and do these two things. Have a technical action plan and business continuity plan ready to implement in a crisis. The first few hours of infection are critical to limiting the damage. This can be as simple as powering off the entire network, or as complicated as firing up communication and response teams at any hour of the day or night. Do you know what you would do if, like us, your phone lines, website and email network suddenly couldn’t be used to communicate with employees or customers? Try to prepare for as many disaster scenarios as possible. Even though we had a good foundation in our crisis plans, there were so many variables and moving pieces that we had to be flexible. Sometimes we would take one step forward in our recovery, only to take three steps backward. Don’t be surprised if it’s a long, drawn-out process rather than an overnight fix.

Call in the Experts
We worked closely with a team of outside experts in response to our malware attack. Our outside IT consultants were onsite within hours of the attack. Our insurance company connected us with breach counsel, who put us in touch with a forensic IT firm. The breach counsel and forensic IT professionals are specially trained in cyberterrorism cases and guided us through our recovery process, including handling negotiations with the cyberterrorists holding our data hostage. We ultimately decided paying the ransom was in the best interests of our company, employees and customers so we could resume operations faster. (Paying a ransom does not guarantee your company will receive the promised encryption key or that it will work. Even after paying a ransom and receiving the key, we worked for weeks to get our systems fully operational.)

Malware attacks are becoming more commonplace, increasing the odds that more companies will deal with this form of business interruption in the years ahead. Protect the data that makes your company run by any means possible.