
How to Lock Down your Data Against Ransomware

Ransomware cybercrime is on the rise and is wreaking financial and operational havoc.

As the latest and fastest-growing online threat, ransomware—a form of malware—is becoming a lucrative business for hackers and a looming threat for businesses large and small. According to the FBI, operational and financial costs related to ransomware in the first quarter of 2016 reached $209 million, up from $25 million for all of 2015. The former number is expected to reach $1 billion by year-end 2016.

In a ransomware attack, the hacker holds a business hostage by penetrating its network and encrypting/locking down all of its files, until the organization pays the ransom money demanded. Once the ransom is paid, the hacker releases the data by providing the organization with a decryption key that unlocks the data.

But that’s not the end of the story. What people have to realize is that the hacker may have been rummaging around a lot of sensitive data before encrypting it. They could have been selling the data for months before and just locked down the data on their way out. When an organization pays the ransom, their problems may be far from over.

Beyond the costly extortion and temporary business interruption, which can be paralyzing, the aftermath of a ransomware event can be equally devastating: it can fuel federal investigations into an organization’s network safety and security, require costly legal representation for months or years, and lead to lawsuits by affected individuals and more.


Shielding your network
While the risk of ransomware is real and on the rise, businesses can follow these best practices to shield themselves.

1. Regularly back up data. Back up as often as you can, doing so even daily or hourly. If your data changes significantly hour to hour, then back up in real time. If a ransomware event does occur, you will want to access your backup data quickly.

2. Regularly scan for viruses. Conduct scans across the entire network infrastructure, including databases. This is especially critical for organizations with multiple IT managers and/or multiple locations.

3. Maintain an incident response plan. While you may be able to get your network back up after a ransomware attack, in a worst-case scenario, the hacker could get to it first. Then you’ll have to make quick decisions: Will you pay the ransom? Will you negotiate? How do you access bitcoin? The following decisions must be made in advance to respond quickly and appropriately.

—Identify key stakeholders in an organization who are going to play a role in breach response, including legal, HR, IT and a spokesperson, as well as people outside the organization, such as your cyber insurance broker, privacy attorneys and a cryptocurrency broker (a currency broker that specializes in paying ransoms via bitcoin payments), as hackers must be paid in bitcoin.

—Plan a data breach response by knowing what evidence needs to be preserved ahead of time. Know what you will offer affected individuals. Will you set up a call center? Will you offer credit monitoring? This will need to be determined in advance to minimize the financial and reputational harm.

—Retain a robust cyber insurance policy that features real data breach resources. This will help mitigate the immediate financial and reputational harm that is sure to follow a ransomware event, as well as pay and fulfill the ransom.

—Train employees to spot phishing scams. Employees need to be able to recognize and delete phishing and malware emails without opening them. This typically won’t be successful if championed only by IT professionals, but will instead require a culture of safe practices from the top down.

—Keep logs to preserve evidence. Companies that do this successfully know who accessed which networks when and will be able to more easily identify the breach site/point of entry and exposed/accessed data or intellectual capital.

Everyone is at risk
Any organization that stores data on a network is at risk. And, contrary to popular opinion, ransomware hackers aren’t deterred by business size or industry.

Small to mid-size businesses can be an even easier target for the hacker, because the hacker knows they don’t have the resources to protect themselves. They’re as vulnerable as a big chain retailer. The hackers don’t discriminate. If it’s easier to get it from the little guys, they’ll go there. A W-2 form or an SS number from a mom and pop holds the same value on the black market as those coming from a large bank. Every organization needs to be aware of what’s out there and plan accordingly.

