In response to an increase in ransomware attacks against government systems, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency, National Governors Association, Multi-State Information Sharing and Analysis Center, and other government groups released three recommendations on July 19th 2019 that outline a defense against ransomware. They stress in their press release that prevention is the most effective defense.
- Back Up Your Systems – Now and Daily!
All critical information, including system configurations, should be immediately backed up onto a separate device (not a networked workstation) and stored offline. That way it can be accessed even if the internet connectivity of an office has been compromised. These backups should be refreshed daily to ensure that as little data as possible is lost in an attack, and the restoration process should be tested on a regular basis to make sure that it is working as intended.
- Reinforce Basic Cybersecurity Awareness and Education
Almost all ransomware attacks rely on human error, as evidenced by the spike in phishing attacks that regularly find their mark. Refresh employee training on how to recognize these attacks, as well as how to report a suspected or confirmed breach to the appropriate IT staff in a timely manner.
- Revisit and Refine Cyber Incident Response Plans
Agencies must have a clear plan to follow if an attack occurs, that details how to minimize the damage, restore what was lost, and includes how to request assistance from external cyber first responders in the case that internal capabilities are overwhelmed. For HIPAA covered entities, this must also include how to determine if PHI has been compromised and how to report the breach to the authorities.