5 Steps for an Effective Information Security Program (pt. 1 of 4) | How to Protect & Recover from Ransomware Attack

Part 1 of 4: How to Protect & Recover from a Ransomware Attack

The number of ransomware attacks targeting nonprofits, healthcare and all other organizations has rapidly increased. They have become a simple and direct source of revenue for cybercriminals and, unfortunately, it’s very lucrative for them to hold your data for ransom. When organizations experience a cyberattack, many lose access to critical files – sometimes permanently! This jeopardizes the organization’s clients, constituents, employees and reputation. To restore file access, organizations are faced with a decision as to whether to pay the ransom, in the hopes that the files are truly unlocked, or attempt an in-house recovery with no guarantee that the locked data can be reliably reproduced.

To reduce the risk of becoming a victim of ransomware, Summit Business Technologies recommends the following multi-layered security strategy to protect against an attack and recover with confidence if necessary.

  1. Information Security
  2. Data Protection
  3. Data Backup
  4. Employee Security Awareness

In this blog, we will cover the first part of our strategy – Creating and maintaining an effective information security program.  The following are key steps to putting an effective program in place:

  1. Data Location Roadmap
    • Know where your critical data is stored.   You may be surprised that many organizations have very fragmented data storage and no written roadmap as to where the data is stored.   It is critical to maintain awareness of what data is stored… and where.  
  2. Inventory your IT Infrastructure
    • It is necessary to know which systems store, process and transmit your data.   By understanding your data flow, you can determine which systems present the greatest vulnerability.
  3. Assess Risk and Apply Security Controls
    • By identifying vulnerable areas, you will be able to select, apply and manage security controls optimally based upon risk and cost.
  4. Evaluate Effectiveness
    • By proactively evaluating the effectiveness of your security strategy, the controls applied and your security technologies, you can prepare for the evolving cyber-threat landscape.  You will also be able to apply corrective actions and remediation based upon your evaluations to plug any identified security holes.
  5. Employee Security Awareness
    • By educating your employees on how to identify dangerous emails or those with suspicious links or attachments, you are able to strengthen what tends to be the weakest link in IT security.  Summit Business Technologies’ Security Awareness Service helps change the human responses of your employees from weaknesses that can be exploited by outside hackers into strengths that protect your company systems and data.

With the growing number and evolving sophistication of cyberattacks, it is imperative for organizations to clearly understand the importance of investing in cybersecurity and employee education when weighed against the risk of loss of critical data and the resulting impact on the organization.

In our next blog, we’ll cover Data Protection Best Practices.

Larry Selleh

Larry, Summit's Director of Business Development, has experience working with organizations large and small. He puts his 20+ years of experience to work every day finding the best solution for each company.
