Spears Legal Technology



Prepare yourself for high-stakes cyber ransom

Following the breach and extortion attempt that put Code Spaces out of business, we are finally seeing more attention paid to “cyber ransom”. InfoWorld security advisor Roger Grimes has published a high-level overview of how to prepare for this threat. Among his recommendations:

Prepare for the worst now

  • (1) Educate senior management about the threat of ransom-demanding cyber criminals (along with ransom-demanding malware, which they should already be familiar with). Let them know the threat is real, fairly easy to accomplish, and difficult to prevent. Do your research and put everything in a document, so they can't say you didn't warn them.

  • (2) Ask management how you should respond if a ransom incident occurs and you believe it to be a viable threat. Should your company ever pay ransom? If your company thinks paying the ransom is the appropriate response (at least in some scenarios), get a sense of what the upper limit might be to save the company. Management won't want to have this discussion, but it's a good way to start a dead-serious dialogue about risk management.

  • (3) Ask management if your current business interruption insurance covers data ransom scenarios. If so, to what level? If not, it's time to investigate insurance coverage for this type of event.

