Recent high-profile news stories about ransomware attacks on local government agencies, such as the cities of Baltimore and Atlanta, have raised awareness of the devastating impact of ransomware. The latest city to be attacked is Riviera Beach, Florida. Riviera Beach ended up paying $600K in ransom to have its data unlocked (although there is no guarantee that the hackers will unlock the data), and also had to spend over $900K on new computer systems. This occurred because Riviera Beach’s IT team did not have sufficient backups in place to restore from. Each of these cities has had a financial impact in the millions of dollars. These government agencies can withstand the impact because the burden falls on the taxpayers.
If your small business were hit by ransomware and your computer systems were down for several days or longer, would your business be able to survive? When was the last time your backups were tested? Do you have a Disaster Recovery/Business Continuity plan that is updated and tested annually? Have you reviewed the Recovery Time Objective (RTO), Recovery Point Objective (RPO), and required retention policy for each of your critical systems? If you have internal IT, when was the last time you had a third party audit your IT and cybersecurity systems and processes? Do you have cybersecurity insurance, and if you do, do you have the right type of policy, and do you understand what is covered (and what isn’t)?
As a business owner, you need to understand that cybersecurity risks are continuing to increase, and that ignoring these risks is no longer a reasonable plan. Use trusted third-party IT and cybersecurity consultants to ensure that these risks are understood and mitigated.