Cybersecurity Check List

Ransomware and denial-of-service attacks are on the rise. Here’s how to prepare for the inevitable.
RANSOMWARE IS THE FASTEST growing malware threat, according to a recent report by the US Federal Bureau of Investigation. “On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016. This is a 300-percent increase over the approximately 1,000 attacks per day seen in 2015.” Such daunting statistics indicate the need to do as much as possible to protect against such attacks. There are many important steps that in-house counsel can take to shore up their defences, including:

“First of all, prepare a risk profile,” says Vanessa Coiteux at Stikeman Elliott LLP. Doing so is important “to determine your weaknesses.” In addition, the risk profile should include an incident response plan.

Utilize dedicated cybersecurity resources, says Ira Nishisato of Borden Ladner Gervais. “Threats are constantly evolving and organizations of a certain size really need dedicated cybersecurity resources and not simply someone in the IT department who has a dozen other things to worry about every day.”

Establish a cybersecurity response team before an event happens, says Baker & McKenzie’s Brian Hengesbaugh. “Have your forensic specialists and external counsel on board and [where applicable] call centres and credit monitoring [in place]. [The process] can also show where PR and legal, for example, might not see things the same way.”

Run tabletop exercises, says Miller Thomson’s Imran Ahmad. “Those meetings help identify any issues and uncertainties in your organization.”

Know in advance where to obtain bitcoins, in case you decide to pay a ransom, says Marsh’s Greg Eskins. “Do you have a bitcoin account? A bitcoin broker? Can we get, say, $50,000 of bitcoin in a relatively short time, usually 24 to 72 hours?”

No matter how sophisticated your defences, it just takes one employee to click on a phishing email and the hackers can get in, says Danny Schwartz of Lax O’Sullivan Lisus Gottlieb. “Employee training is critical. Make sure to include phones when protecting your systems. Now there are lots of viruses on phones.”