According to some estimates, a ransomware attack occurs once every 11 seconds. If you think your nonprofit is immune, think again. Nonprofits are often the target of cybercrime simply because criminals know that nonprofits have limited resources to fight back. They are more likely to pay the ransom than defend against attack.
If you find your systems locked and a message on the screen demanding a ransom, you’ve been hit with an attack. Don’t panic. Take a deep breath. It’s time to fight back.
Do You Have a Recovery Plan?
Although most organizations understand the risk of a cyberattack, few have an actual recovery plan in place should they face one. If that describes your organization, it’s time to get one in place.
An “incident response plan” or IRP outlines the teams and people responsible for various aspects of response to a ransomware attack. There are several critical areas that must respond, including IT, communications, public relations, and more.
If you do not have a recovery plan in place, it may be worthwhile to investigate the many templates available online, or work with a consultant to help you create one. Every day that goes by without an IRP in place is another day that puts your organization at serious risk should you be the subject of a cyberattack.
Identify the Source and Contain It
There are many ways in which ransomware can attack your computer systems. Clicking on the wrong link in an email, clicking on a random popup, and exposing your browser to malicious software on an innocent site are all ways that ransomware can penetrate a system.
Your IT department or cyber security response team will need to work diligently to determine the source of the attack. Then, once they figure out how the ransomware got into the system, they will need to contain it.
Think of ransomware like a wolf that gets through the fence and attacks the livestock. The immediate threat is the wolf, and it must be removed to protect the livestock. But after it is removed, the rancher will certainly scrutinize his fences to see where his defenses were down and take immediate steps to fix them so that another attack can be repelled before it advances. That’s what your IT team must do to protect your valuable commodity–your data.
Notify the Legal and Communications Teams
You should also contact your legal representatives so that they can prepare for any fallout from the attack. The communications professionals in your organization must prepare talking points for the CEO, president, and other organizational leaders who may be questioned about any potential data breaches or cyberattacks by the media. They should also prepare talking points to help leadership brief all employees about the problem and the steps being taken to address it.
Law enforcement should also be contacted, specifically the FBI Crime Complaint Center. This group tracks various cybercrimes. Go to the website and complete the online form to register the complaint and the attack with them.
Should You Pay the Ransom?
This is a tricky question. Your first instinct may be, “Oh, heck no!” but the reality may be different. If your IT department feels they can recover the systems and data safely from the attack, then you may not wish to pay the ransom. But, for other, smaller organizations with little recourse, you may have to pay the ransom.
Ultimately, the executives and potentially the board of directors may need to make the final decision about whether to pay the ransom. It may leave a bad taste in your mouth to capitulate to criminal demands, but if the alternative is to lose all your data and systems, you may not have much of a choice.
Successful Defense Starts with a Good Offense
Let’s face it–it’s not a question of if, but a question of when, you’ll encounter some form of cybercrime. A successful defense begins with a strong offense. This includes:
- An incident response plan
- Updated virus protection programs throughout your organization
- Updated software, including websites and third-party code (such as WordPress plugins)
- Training for your team on how to avoid clicking suspicious links
- Backups kept offline to protect sensitive data
With the right systems, teams, and plans in place, you can withstand a ransomware attack. Now is the time to begin your plan.
Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.