From the Blog

Help for Cyber Extortion

July 31, 2017 Information Security

Extortion is an attempt to threaten a company or person into giving up something in exchange for not being harmed. Cyber extortion could involve hacking into and controlling your database or threatening to launch a virus into your systems. Hackers promise to release control back to you or promise not to release the virus if you pay their ransom or meet their demands. It is a rapidly growing trend because it isn’t violent, promises a huge payout, and is difficult to trace.

What should you do if you are facing extortion?

1. Verify that there has actually been a breach.

2. Immediately implement your data breach plan, which should include an identified response team, reporting procedures, response and investigation plans, public relations and law enforcement.

3. Keep the affected servers and network equipment running so your outside or in-house IT specialists can identify the cause of the hacking.

4. Disconnect the affected equipment from your production environment.

5. Switch to your backup site.

6. Implement your crisis communications plan that should include contacting all your stakeholders about the problem along with your plans to resolve it.

7. Contact law enforcement.

How can you protect your business against cyber extortion?

• Conduct a data inventory. Protecting your data begins with knowing what data sources are available, in what format the data exists, and who has access to the data.
• Create secure data backups. What would you do if your entire database and computer network was extorted and you could not operate any of your daily systems? Your data backups need to be able to handle everyday operations if your network is ever compromised.
• Educate your employees. Anyone can accidentally visit a harmful website or download a malicious attachment. Your employees need to know how to identify dangerous situations.
• Protect your network. Be sure you’ve installed and are regularly updating necessary antivirus, anti-malware, and firewall programs. Also, be sure you’ve installed and are using updated intrusion detection software (IDS) and data breach prevention software.
• Hold regular mock attacks. Hire an outside company, like Nextra, to test your system’s vulnerabilities.
• Design a data security contingency plan. Even the best defenses can be breached, so you need to have a plan in place before your business ever faces a cyber-extortion situation.

Learn more on information security and how Nextra is helping organizations prepare for eventualities such as hacking.

Contact Nextra to learn how we can help prepare your organization to face the threats of hacking and other threats to information security.

Author: Cesar Burgos