E V O LV I N G
WITH THE TIMES
This is the second article in our
new series about what businesses
should be anticipating to help
them be wildly successful.
Fighting Back
Not only are small businesses at an
increased risk of being targeted by
cybercriminals, once attacked, the likeli-
hood of survival decreases significantly.
That doesn’t mean you shouldn’t fight.
There are a variety of great resources out
there to help protect your business from
a cyberattack.
Notably, government officials recently
compiled industry best practices and
mitigation strategies focused on the pre-
vention and response to ransomware. In
the U.S. government interagency report,
How to Protect Your Networks from Ran-
somware, the following step-by-step tips
are highlighted due to their effectiveness.
1. Educate your staff. Your staff is your
first line of defense. Therefore, the first
step should always be to remind your
employees to stay vigilant and to nev-
er click on unsolicited links or open
unsolicited attachments in emails.
2. Take preventative measures. There
are quite a few tactics you should
take to maintain a proactive stance
throughout your organization. Here
are a few measures we recommend to
our clients:
• Implement a cybersecurity awareness
and training program.
• Prevent phishing emails from reach-
ing the end user by enabling strong
spam filters.
By Brian Garland, CPA,
supervisor,
[email protected]
(Dublin office)
• Scan all incoming and outgoing email. VPN connection if one is being used.
• Configure firewalls to manage access. 2. Secure backup data or systems
by taking them offline.
• Patch operating systems, software
and firmware on all devices.
3. Contact law enforcement immedi-
ately, including a local field office of
• S et anti-virus and anti-malware
the FBI or U.S. Secret Service.
programs to automatically conduct
regular scans.
4.
C hange security access and
passwords, if possible.
• Manage the use of privileged ac-
counts. No user should be assigned
administrative access to a file, folder
or server unless absolutely necessary.
• Implement software restriction policies.
3. Create a continuity plan. While an
attack may be bad for business, the
time it takes to recover can be ab-
solutely devastating. Minimize your
recovery time by implementing and
managing a comprehensive business
continuity plan. Your plan should in-
clude regularly backing up your data,
conducting annual penetration tests
and vulnerability assessments and
properly securing your backups.
Jess Howard Electric, a Rea client
in Central Ohio, is proof that a small
business can recover from a ransom-
ware attack. By maintaining the proper
safety protocols and adhering to strict
policy and procedure, the company
has successfully recovered from two
attacks that could have crippled the
business. Read their story in this edi-
tion’s Client Spotlight on page 10.
Shut It Down
If your business does fall victim to a
cyberattack, the following steps will
help minimize the damage and shorten
recovery time.
1.
Contact your IT team and isolate
the infected computer immedi-
ately by disconnecting the cable that
attaches the workstation to the
company network, or disconnect the
Discover more tips that can help protect
your business from a cyberattack on
unsuitable on Rea Radio. Episode 88
features Joe Welker, CISA, talking about
the newest ransomware threats businesses
are facing nationwide. Check it out at
www.reacpa.com/episode-88.
3