Request a Quote

RansomwareAction Plan

Criminals hold organizations hostage by infecting computers with ransomware, malicious software that locks up your files until you pay a fee. Here is an enterprise action plan based on the 3 R's of Ransomware: Reduce your Risk, Respond and Recover. Customize and use it for your enterprise!

The 3 R's of Ransomware

View the Detailed Plan

The 3 R's of Ransomware

How do you protect your organization from ransomware at the enterprise level?
Remember the three R's of Ransomware: Reduce your risk, Respond, and Recover.

Ransomware Action Plan

Reduce Your Risk
Task Description Assigned
Get Insurance Get cyber extortion insurance, which typically covers ransom fees and associated services from a specialist. You can also can get business operational outage insurance to cover lost revenue, and breach response coverage in case the ransomware infection is considered a data breach. Legal/Risk
Maintain Your Software Make sure to budget time and funds to keep your software up-to-date, so your computers are as resistant to infection as possible. IT
Test Your Security Regularly Conduct regular vulnerability scans and penetration tests, so that your team detects security holes before the attackers do. Security
Filter Email and Web Traffic Ransomware often spreads through spam emails and nasty web sites. Invest in effective spam and web filtering software or services. IT
Implement Role-Based Access Control ONLY give people access to folders they really need. Remember, when one person gets infected with ransomware, it will encrypt every file they have access to on your network. Make sure if one person clicks a link they can't accidently encrypt everything. HR & IT
Conduct Phishing Exercises and Training Educate staff about the dangers of phishing emails and scams on social media sites. Include phishing in annual training, and conduct regular phishing exercises to train your team not to click on links. Security
Use Antivirus Use reliable, commercial-grade antivirus software to reduce the risk of infections. Security/IT
Deploy Two-Factor Authentication There has been a recent spike of ransomware cases where criminals broke into remote access servers using guessed or stolen passwords. Strongly consider using two-factor authentication for remote access whenever possible. IT/Security

Task Description Assigned
Develop Crisis Management and Communications Plans Like fire or flood, ransomware can be a disaster for your enterprise. Include ransomware in your crisis management plans. Create formal, written procedures for managing a ransomware event. Managing perception can be as important as managing the technical aspects of a crisis. Develop your plan for communicating with the media, key stakeholders, and internal staff. Crisis Management, PR, HR
Set Up a Hotline Make sure everyone knows who to call if they get infected with ransomware. Set up an easy-to-remember hotline or email address that anyone can call to report ransomware, at any hour. You don't want to wait until the ransomware spreads throughout your whole network before IT figures out the problem. Security/IT
Train Your First Responders Time is of the essence! Act fast and you may be able to save data, or at least recover it quickly. Send your first responders (help desk, system administrators, and security team) to Digital First Responder training. Security/HR
Implement Technical Detection Systems Monitor your network (typically using a third-party service) so that suspicious activity is caught early. Security
Understand Legal Requirements Ransomware infections may be considered a data breach in certain circumstances. If you have sensitive data on any computer that was encrypted (such as personal information, Social Security Numbers, health care information, or other sensitive data), have legal counsel review your notification requirements in advance. Legal
Conduct Tabletop Exercises Run through a tabletop exercise with your team, to make sure that your process is working as expected. Security/Crisis Management

Task Description Assigned
Backup! Backup your files regularly, and save copies in a location that can't be touched by malicious software. Regularly check that your backups work! Karen Sprenger, COO for LMG Security advises, "If you aren't testing, then you don't really have backups." IT

Contact Us

LMG Security: We Make Nothing Happen