September 28, 2021

Volume XI, Number 271

Advertisement

September 28, 2021

Subscribe to Latest Legal News and Analysis

September 27, 2021

Subscribe to Latest Legal News and Analysis

The Importance of Focusing on Data Recovery and Business Continuity

In the wake of the increase in ransomware attacks, including data exfiltration prior to or during a ransomware attack, I think it is worth the time and resources to focus on data recovery and business continuity. I am finding that during and following a ransomware attack, victims do not have adequate actionable business continuity, disaster recovery, or data recovery plans in place.

One way to focus on these important concepts is to schedule and conduct a tabletop exercise with your incident response team, focused specifically on a ransomware attack. Think about the situation in which none of your employees are able to access the network, systems, documents, contacts, emails or schedules. How do you even get in touch with your incident response team if you can’t access your contacts? Do you have their personal contact information on a piece of paper? How much time will it take you to figure out how to get in touch with your incident response team if you don’t have their personal telephone numbers or email addresses? This is lost time that is incredibly valuable immediately following an attack.

Further, if data have been exfiltrated by the hacker before dropping the encryption key to lock all of your data, do you have the proper systems in place to recover the data and continue business operations? If none of your employees can access documents or email, how do they do their jobs? How long will it take to get them back to work? If your employees can’t work, your business will be impacted, which goes to the bottom line.

This is the importance of having a disaster recovery plan, a data recovery plan, and a contingent operations plan. What is even more important is to test those plans. Take the time to really focus on how you would handle the worst-case scenario of a ransomware attack, who has responsibility for response and mitigation, who is responsible for communicating with employees and how, and who will be the quarterback of the entire response.

A ransomware attack can be devastating to a company even when you are prepared and have tested your plans. It is even more devastating when you are completely unprepared.

October is Cybersecurity Awareness Month. Make one of your goals for this month to develop and test your incident response, data recovery, disaster recovery and contingent operations plans.

Copyright © 2021 Robinson & Cole LLP. All rights reserved.National Law Review, Volume X, Number 276
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement
Advertisement