As news spreads of the global WannaCry ransomware attack, those with up-to-date Microsoft patches and those running Apple computers appear to be able to relax. The attacks seem to be hurting organizations with older Microsoft operating systems that were left unpatched. However, this is a good time to remember the importance of the emergency plans often called “disaster recovery,” “business continuity,” or “incident response.”
Fortunately, ransomware is a pretty simple attack. The victim’s data is encrypted, and unless they pay the attacker for the key, the data stays encrypted. However, if you have a clean, recent backup, you may be able to ignore the attacker and restore your data from backups.
Of course, each incident is unique, and the way your systems react is unique to your company. However, in our experience, the more prepared you are, the faster you can respond. In the same way you performed fire drills in school, your company should perform tests of your recovery plan. Most companies perform these tests at least annually, and the frequency should depend on how much has changed in your business. A best practice is to review and update the emergency plan at least quarterly if your systems, suppliers or people are changing. It is also recommended that your backups be tested annually. That can mean restoring 100% of the data once, or restoring smaller pieces monthly or quarterly. We have found that the annual audit is a good time to review your critical systems and ensure all your company data is included in these plans. (Hopefully your organization performs both financial statement and IT audits annually.)
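The restore drill described above, as an added example that is not part of the original post: a tar backup with a checksum manifest recorded at backup time, a restore test that can run as a full (annual) or partial (monthly/quarterly) check, and a constructed case showing why the full restore still matters. All paths and data are constructed stand-ins.

```shell
#!/bin/sh
# Added example (not from the post): a restore drill for a tar backup, with a
# sha256 manifest recorded at backup time. Paths and data are constructed.
set -u
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
SRC="$WORK/prod"; BACKUP="$WORK/backup.tar"; MANIFEST="$WORK/backup.sha256"

# Constructed stand-in for company data.
make_sample_data() {
    mkdir -p "$SRC/finance" "$SRC/hr"
    printf 'Q1 ledger\n' > "$SRC/finance/ledger.csv"
    printf 'contract terms\n' > "$SRC/finance/contract.txt"
    printf 'payroll 2017\n' > "$SRC/hr/payroll.txt"
}

# Back up and record checksums at backup time, so a later drill compares the
# restore against what the data looked like when it was backed up.
take_backup() {
    (cd "$SRC" && find . -type f | sort | xargs sha256sum) > "$MANIFEST"
    tar -cf "$BACKUP" -C "$SRC" .
}

# Restore into scratch space and check checksums. "full" checks every manifest
# entry (the annual 100% test); a number N checks only the first N entries
# (a monthly/quarterly partial test). Returns 0 only if all checked files match.
test_restore() {
    scratch=$(mktemp -d); subset="$scratch/subset.sha256"
    tar -xf "$BACKUP" -C "$scratch"
    if [ "$1" = full ]; then cp "$MANIFEST" "$subset"; else head -n "$1" "$MANIFEST" > "$subset"; fi
    if (cd "$scratch" && sha256sum -c --quiet "$subset") >/dev/null 2>&1; then rc=0; else rc=1; fi
    rm -rf "$scratch"
    return $rc
}

# Stand-in for a backup whose contents silently drifted from the manifest
# (here: one file changed and re-archived without re-recording checksums).
simulate_silent_corruption() {
    printf 'garbage\n' > "$SRC/hr/payroll.txt"
    tar -cf "$BACKUP" -C "$SRC" .
}

make_sample_data; take_backup
test_restore full && echo "full restore test: OK"
test_restore 2 && echo "partial restore test (2 of 3 files): OK"
simulate_silent_corruption
test_restore 2 && echo "partial test after corruption: passes, damage missed"
test_restore full || echo "full restore test after corruption: FAILED (as it should)"
```

The last two lines show the trade-off: a partial restore test that happens to skip the damaged file reports success, which is why the full restore should still be done at least once a year.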
And finally, don’t forget to check with your vendors. If they are critical to your operations, either perform the tests with them, ask to see the results of their tests, or request a third-party audit report of their system, such as a SOC report covering availability, as recommended by the AICPA for all service organizations.
If you have questions about the latest string of ransomware attacks, or wish to speak with a member of the Barnes Dennig IT Controls team, please contact us here.