Ransomware Protection For Smaller Companies

Shawn Stroud is director of information security at Sagent, a Pennsylvania-based fintech company modernizing mortgage and consumer loan servicing for banks and lenders. He offers these steps smaller mortgage companies can take to help protect themselves:

• Design a robust data backup process, and regularly test your capability to restore successfully. This is a key control and is really the only way to get your data back (without paying a ransom). Paying the ransom is not recommended, as there is no assurance that the bad guys will honor the payment and release the encryption keys, and paying the ransom could also put a target on the company (identifying it as one that has paid). Also, ensure that your backups are isolated when stored so they are not affected by the ransomware.

• Just as important as ensuring good backups is security awareness training. Your employees are on the front line when it comes to ransomware. They are the recipients of the phishing emails that are typically the infection vector for ransomware. Train employees often and well to identify phishing and other social engineering attacks. Conducting periodic phishing exercises is a good way to assess your staff's awareness of phishing activity and gives an opportunity for targeted training for those who do fall for it.

• Develop a comprehensive incident response plan. Part of a proactive approach to cybersecurity involves establishing the policies, procedures, and incident response routines for your company in the event of a ransomware attack. Your incident response plan should have a playbook specific to ransomware, detailing high-level steps to contain and resolve the incident. Also, it is important to actually test your response plans. A scenario-based tabletop exercise including all relevant stakeholders is a good way to fine-tune your procedures and gives everyone involved an opportunity to think critically about what would need to happen in a specific scenario. Smaller companies that are resource-strapped should consider engaging a consulting service to provide incident management capabilities to avoid being stuck in a reactive mode when an incident occurs.

• Ensure your cyber insurance covers ransomware. A good policy not only provides coverage for the costs of payouts (if that becomes an option), it also covers the cost of other extortion-related expenses such as consultants and attorney fees, and the costs to restore systems back to an operational state.
NATIONAL MORTGAGE PROFESSIONAL MAGAZINE |