In the wake of the increase in ransomware attacks, including data exfiltration prior to or during a ransomware attack, I think it is worth the time and resources to focus on data recovery and business continuity. I am finding that during and following a ransomware attack, victims do not have adequate actionable business continuity, disaster recovery, or data recovery plans in place.

One way to focus on these important concepts is to schedule and conduct a tabletop exercise with your incident response team, focused specifically on a ransomware attack. Think about the situation in which none of your employees are able to access the network, systems, documents, contacts, emails or schedules. How do you even get in touch with your incident response team if you can’t access your contacts? Do you have their personal contact information on a piece of paper? How much time will it take you to figure out how to get in touch with your incident response team if you don’t have their personal telephone numbers or email addresses? This is lost time that is incredibly valuable immediately following an attack.

Further, if the hacker exfiltrated data before dropping the encryption key to lock all of your data, do you have the proper systems in place to recover the data and continue business operations? If none of your employees can access documents or email, how do they do their jobs? How long will it take to get them back to work? If your employees can’t work, your business will be impacted, which goes to the bottom line.

This is why it is important to have a disaster recovery plan, a data recovery plan, and a contingent operations plan. Even more important is testing those plans. Take the time to really focus on how you would handle the worst-case scenario of a ransomware attack: who has responsibility for response and mitigation, who is responsible for communicating with employees and how, and who will be the quarterback of the entire response.

A ransomware attack can be devastating to a company even when you are prepared and have tested your plans. It is even more devastating when you are completely unprepared.

October is Cybersecurity Awareness Month. Make one of your goals for this month to develop and test your incident response, data recovery, disaster recovery and contingent operations plans.

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law. Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island.