Will Your Business Survive a Ransomware Attack?

Most Small and Midsize Businesses Won’t Survive an Attack

Ransomware attacks are on the rise. Over 46% of the world’s total attacks are targeted against the US. Unfortunately, new research from CyberCatch, a cybersecurity platform provider, shows that 75% of small- and midsize businesses would be forced to close if a bad actor demanded a ransom. It is not a question of “if” an attack will occur for most companies but “when.” You can take steps to mitigate your risk and prepare for an attack.  

To Pay or Not Pay

Even if your business decides to pay the ransomware demand, paying does not guarantee that you will recover your data in a usable format. Remember, you are dealing with criminals, so there is no code of ethics. Per the available research, 58% of extortionists attempted a second ransom after receiving payment, and 42% did not decrypt the files after payment, so the data was still unusable. Furthermore, if you pay in Bitcoin, the transactions are public and traceable. If the funds are later used for any illegal transactions, those transactions could be traced back to your business.

Even if you pay and recover your data, it takes an average of 16.2 days to remediate an incident. Think about having your business interrupted for more than two weeks, not to mention the damage done to your reputation and your inability to service your customers. The devastation done to one Illinois college is causing it to shut down indefinitely. In Michigan, Kalamazoo Community College was forced to close its campus after an attack. These are just two recent examples of attacks.

What Happens if Attacked

If your business becomes a ransomware target, these steps can help your business survive.

Assess the attack

Take a picture of the infected device’s screen before unplugging it. Pay attention to the payment deadlines or the number of days given. Often, the longer it takes to pay the ransom, the higher the ransom demand. Check all of your systems to see if your network is compromised or if the attack is localized.

Immediately call your experts

This could be your internal IT team or a trusted IT vendor to supplement your team. In addition, if you have cyber insurance, contact your insurer. You may also want to involve local law enforcement.

Determine the data you can recover

Once you have identified what is infected, check your backup systems to assess what data is recoverable. If you determine you need to pay the ransom to recover your data, have a clear communication plan on when and what you will pay.

Reset your systems

Immediately reset all passwords. Ensure you have the latest software versions and run any patches to strengthen your security. Watch for backdoors that bad actors could further exploit.

Do you have a Ransomware Plan?

We can help. Dewpoint has the security and infrastructure experts and experience to mitigate your ransomware risks and create a recovery plan in case you’re attacked. By taking simple cybersecurity steps, you can reduce the probability of an attack and its impact. Like in sports, we believe the best defense against an attack is a great offense. Contact one of our cybersecurity experts today.   

Seven Tiers of Disaster Recovery – Which Tier is Your Enterprise?

How does my enterprise rate?

The seven tiers of disaster recovery include:

Tier 0: Potential no recovery, no off-site data

This 0-level tier indicates an organization with no business continuity plan, no saved information, no documentation, and no backup. They may lose everything.

Tier 1: Backup data with no “hot site”

Tier 1 refers to an organization that sends backup data to an off-site storage facility, for example, backing up and taking it to a remote location. If a disaster hits, the organization must be prepared to suffer several days to weeks of data loss. This tier lacks systems to restore data fully.

Tier 2: Backup data with a “hot site”

Tier 2 describes an organization that backs up data frequently. They combine an off-site facility and a “hot site” to restore systems from backups during a disaster. Recovery time in Tier 2 is more predictable but will still result in the need to recreate hours or days’ worth of data.

Tier 3: Electronic vaulting

Tier 3 has the major components of Tier 2, such as off-site backups, a Disaster Recovery Plan, and a “hot site.” However, Tier 3 augments backup through electronically vaulted data. Recovery time is estimated to be about 24 hours.

Tier 4: Point-in-time copies

This tier solution is used by organizations that require both greater data currency and faster recovery than the users of the lower tiers. Tier 4 solutions incorporate more disk-based solutions. Data loss of several hours is still possible, but it is easier to make point-in-time copies with increased frequency.

Tier 5: Transaction integrity

Organizations that use Tier 5 solutions require data consistency between the production data center and recovery data centers. There is little or no data loss in these solutions.

Tier 6: Zero or near-zero data loss

Tier 6 solutions exemplify the highest levels of data currency, with little or no tolerance for data loss. Data restoration is a high priority. Tier 6 solutions often require disk mirroring or automated tape solutions.

Tier 7: Highly automated, business integrated solution

The top tier, Tier 7, incorporates all the components used for Tier 6 solutions with integrated automation. Recovery of applications is automated and brings a faster restoration of systems.

Planning Help

If you are not sure which tier best fits your enterprise or are looking to improve your disaster recovery or business continuity plan, Dewpoint is here for you. We start by evaluating your current plans and offering recommendations to improve them, so you are ready when disaster strikes. In this world of uncertainty, Dewpoint has qualified experts ready to help. Call us today.

Helping Credit Unions Improve Processes Through Automation

Using RPA to achieve optimization at your credit union

Where can you find a solution that automates your processes while lowering costs, gaining efficiencies, and reducing errors? How about a solution that improves the member experience?

Robotic Process Automation (RPA) provides these benefits and more. It can transform how your organization works, allowing your employees to focus on high-value activities, resulting in more satisfied employees and members.

The first step in implementing RPA is evaluating your current processes to find “good” candidates for RPA. We suggest starting with small, measurable, successful projects that you can then scale and optimize for other credit union processes.

Is RPA Right for this Process?

When determining if RPA is a good solution, ask yourself the following questions:

Volume

Does the process occur frequently enough to justify implementing RPA? Processes that do not happen regularly provide little return on investment and usually have unexpected changes that break the automation. Another benefit besides cost savings may be increasing revenue (think processing loan applications faster) and avoiding risk.

Scope

How many steps are in the process? Ideally, there should be no more than 15. Evaluate the individual processes, not a combination of processes. Defining the scope helps you be tactical in your RPA planning.

Complexity

How complex is this process on a scale of 1 to 10? Does the process include multiple business rules? A good test is counting the “if-else” blocks. If more than seven, the process may be too complex for RPA. Additionally, the conditional statements must be expressed in a format that the automation process can resolve. Either all scenarios are mapped out, or a “catch-all” must be in place.

Stability/Predictability

Is the process stable or liable to change? Review the history of changes to the process, in addition to any planned changes, to identify whether it is stable. RPA of a good process will, in turn, require less maintenance and fewer changes. Specific questions include:

  • Will you perform the task the same way today, tomorrow, or a month from now?
  • Are there any significant upcoming changes?
  • Does the process involve subjective decision-making?

Processes that benefit from RPA, in general and for credit unions, include back-office reporting, employee onboarding and off-boarding, document and records management, and customer relationship management. Specific to credit unions, loan underwriting, debit card fraud processing, and ACH stop payment processing are perfect candidates for RPA.

Types of Robotic Process Automation (RPA) Bots

RPA bots can be attended or unattended. Attended RPA works in conjunction with the user, incorporating automation into specific directed tasks. It is well suited to tasks requiring human-to-system interaction in real time. For credit unions, attended bots can be helpful to accomplish part of a task quickly. For example, suppose customer support employees need to switch between multiple programs and screens to retrieve information while talking on the phone with members. In that case, employees can use attended RPA to retrieve data from any number of applications. It allows the employee to quickly provide information to the member and focus on answering member questions.

Unattended RPA is just that…no user input or attention is needed. Once the bot is set up to execute, human intervention is only required if a change is needed. The bot begins work on its own.

How do I get my RPA program started at my credit union?

This is where Dewpoint and our partner, Endurium, can assist. We have the professionals and experience to analyze your current processes and develop a list of processes that are good candidates for RPA. If you are still not sure about the benefits of RPA, check out our last blog, “Five Reasons Credit Unions Should Consider RPA,” or click here to talk to one of our experts.

The Seven Tiers of BCP


Disaster Recovery and The Seven Tiers of BCP

The seven tiers of disaster recovery were developed in the late 1980s by the SHARE Technical Steering Committee and IBM and are still used by enterprises as a measurement of priority. Each Business Continuity Plan (BCP) is defined by the Recovery Point Objective (RPO) and the […]


Backup and Recovery Tip: Test. Test. Test.

Testing your organization’s data backups is the first real step toward implementing a secure and effective backup and recovery plan. It is an extremely important way to identify critical flaws in disaster recovery and maintain business continuity. Despite the number of hours and effort your organization devotes to backing up data, it will mean very […]


Backup and Recovery Tip: Deploy Data Deduplication

Deduplication technology is essential to every company’s data backup process, especially when it comes to managing big data.  It is designed to eliminate redundant data in a storage system, and reduce the amount of data that must be stored as a backup. When it comes to data security, deduplication is the fastest way to generate […]
