4 Office of the Saskatchewan Information and Privacy Commissioner. Ransomware-What Everyone Should Know. Effective Sept. 2023. Consider the following: • Before an incident ever occurs, have a security response in place including a security response team (e.g., IT, legal, management, etc.). Your plan should consider business continuity needs. Everyone on the team should know their role. • Separate user accounts with administrator privileges from daily use accounts to help reduce an employee’s ability to run software and to ensure they have access to only the resources necessary to do their job. • Have strong antivirus and strong spam filters in place, use authentication technologies including two-factor technologies, implement good backup policies, segregate networks to contain future breaches, conduct routine system checks and ensure strict security measures are in place. Also consider an extended detection and response tool (XDR) as it covers a wider variety of activity, and the use of managed detection and response services where someone else monitors activity captured by the XDR. • When an incident does occur, act quickly and seek help from experts who can help identify the cause of the infection, including which devices, applications and systems are infected. Experts can also advise on the selection or use of safe backup data, your ability to recover data, and options to recover your systems such as the reinstallation of software. • Report the attack to the police, whose role it is to investigate. You can also contact the Canadian Anti-Fraud Centre (toll free 1-888-495-8501), which collects information on fraud and identity theft and assists the police. • Determine if you will pay the ransom. The purpose of paying the ransom is so the attacker will decrypt your data or return it. Doing so doesn’t always ensure the malware’s removal. It also doesn’t guarantee that the attacker will do anything, which is why experts often recommend against paying a ransom. Experts also argue that paying a ransom encourages a criminal business model, or it may lead to attackers requesting higher payments. • Use lessons learned to develop or amend your plan to prevent future attacks. More Information and Resources • Canadian Centre for Cyber Security - Canadian Centre for Cyber Security • Canadian Anti-Fraud Centre - Canadian Anti-Fraud Centre (antifraudcentrecentreantifraude.ca) • Saskatchewan IPC webinar - https://oipc.sk.ca/media/webinars/
RkJQdWJsaXNoZXIy MTgwMjYzOA==