Cybersecurity and Fraud Protection
Does your disaster recovery plan cover ransomware attacks?
A cyberattack can have severe consequences for your organization. But a well-designed response plan can help get your operations back online.
Companies of all sizes and industries can be targets of a ransomware attack. And ransomware’s damages aren’t limited to financial losses; an attack can disrupt your operations and harm your company’s reputation.
This makes it imperative that your organization prepares for ransomware—just as you would for any other natural or operational disaster. That begins with developing a disaster recovery plan (DRP).
A DRP can help you restore IT functions after a major disruption, whether caused by a fire, flood or cybercriminals. An effective recovery plan includes:
- Procedures and instructions to follow in a crisis
- Business processes
- Organizational assets
- Anticipated recovery times
Here are four steps to help you create an effective disaster recovery plan.
1. Conduct a business impact analysis (BIA)
A BIA predicts the consequences of a business disruption and gathers information to develop recovery strategies.
Why it’s key: This analysis is the foundation for your entire DRP.
It should consider a wide range of potential impacts, including:
- Delays, lost sales and reduced revenue
- Increased expenses (overtime labor, outsourcing costs, contractual penalties, regulatory fines, etc.)
- Customer dissatisfaction or defections
- Reputational harm
2. Identify critical systems
Identify and prioritize the systems and operations your organization will need to resume business activity after a disaster.
Why it’s key: In a crisis, you’ll need to focus on recovering the systems with the greatest impact on your operations.
After an attack, your organization may not be able to use its usual communication channels and internet connection. Your recovery plan should outline:
- Alternate communication channels
- Workarounds to perform critical functions such as vendor payments and payroll
- A pre-drafted memo addressed to your bank detailing how certain employees can contact the bank and the actions they’re authorized to perform
3. Develop the plan
At this stage, you and your leadership team should lay out the specifics of your response plan. How will you restore systems? What’s the expected time frame for system restoration? What resources are necessary? Who will implement recovery efforts?
Once you answer those questions, be sure to put your recovery plan in writing and update it on a regular basis.
Why it’s key: In the wake of an attack, you want the plan to be relevant and up to date.
4. Test and exercise
Test your DRP by conducting simulated tabletop exercises and live rehearsals.
Why it’s key: You don’t want to find gaps or shortcomings in your plan during an actual attack. Simulations give your organization a chance to practice.
There is no way to completely ensure you will not be a victim of ransomware, so heightened diligence and ongoing review of your controls with your internal and external partners are of paramount importance.
CONTACT: For additional information or questions about how to protect your organization from ransomware attacks, contact cyber.exercise@jpmchase.com.