White House to business leaders: Take these 6 steps to protect yourself from ransomware

Listen

In an open letter, the White House urged business leaders to do their part in protecting themselves from ransomware attacks as the FBI's director, Christopher Wray, compared the cluster of cyberattacks to challenges posed by the Sept. 11, 2001, terrorist attacks.

"There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention," Mr. Wray told The Wall Street Journal on June 3. "There's a shared responsibility, not just across government agencies but across the private sector and even the average American."

The White House's ransomware efforts include disrupting ransomware networks, working with international partners to hold countries that harbor ransomware actors accountable, developing policies toward ransom payments, and enabling rapid tracing and blocking of virtual currency proceeds. 

As the White House takes steps to boost cybersecurity, it warns companies to take these six steps to protect themselves:

1. Implement five practices from the president's executive order. These five practices significantly reduce the chance of a cyberattack: multifactor identification, endpoint detection and response, encryption (if data is stolen, it's unusable), and a skilled cybersecurity team.

2. Back up your data, system images and configurations. Test them regularly and store them offline. Ensure backups are regularly tested and not hosted on the business's network, so hackers cannot encrypt backup files. This way, if your hospital is attacked, you can restore your systems.

3. Patch and update systems promptly. Maintain the security of operating systems, applications and firmware in a timely manner. Consider using a centralized management system and a risk-based assessment strategy to steer the patch management system.

4. Test the incident response plan. This will show gaps in the plans. Ask yourself these questions: Are you able to operate your business without access to certain systems? Would you cancel appointments if your billing systems were offline? 

5. Bring in a third-party expert. Hire a third party to test the security of your system and its ability to defend itself from a sophisticated attack.

6. Segment your networks. Keep your operations segmented so that other operations can continue working if one segment is attacked. Limit internet access to operational networks. Regularly test that your hospital can still function if one segment is down.

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Whitepapers

Featured Webinars