Ransomware Disaster Recovery for Professionals: Attorneys, Doctors, CPAs, Financial Advisors
Professional roles like attorneys, doctors, CPAs, and financial planners have a responsibility to plan for ransomware attacks and to protect the data of their clients. Here's an IT strategy that could help.
I wanted to take a few minutes to explain how business professionals - Consultants, Attorneys, Doctors, CPA's, and Financial Analysts specifically - can prepare their practice to recover from a cryptoware attack made against their data processing systems.
I'm signaling-out these professionals because they usually have non-disclosure, fiduciary obligations, confidentiality agreements, or legal mandates to safeguard their clients' data.
The nature and risk of that data is therefore more consequential than most; extra precautions should be exercised both protect data from unauthorized disclosure as well as restore operations.
This write-up may get a bit lengthy and for that I must apologize, still, I think it's a good blueprint to help draft a roadmap for your firm.
I'll be writing it in pieces over the next week and I'll provide hyperlink updates within this post to the latest posts that I complete.
Guiding Principles
We Do Not Pay Ransoms. A terrible strategy that only promotes more attacks. People who weaponize your data processing systems shouldn't be compensated.
Invulnerability Isn't Possible; Failure Is Inevitable. There's no way to guarantee absolute computer security or to avoid systems failure. It will happen. The risk must be planned for.
Disasters are Disasters. Planning for a ransomware attack is just the same as planning for an earthquake, a flood, or a fire. Our disaster recovery plan may be universally-applied.
Access Control. Only authorized people should have access to confidential information. That means strong authentication, managed risk, and low attack profiles.
Separation of Systems. We will design systems that are independent of each other and quarantine sections of risk so that firewalls exist between computing environments.
Layers of Recovery Options. Instead of depending on just one data recovery option, we will use many options to give us an opportunity to recover from a disaster.
Leverage Encryption Everywhere. Throughout our data ecosystem, we will leverage encryption wherever possible to prevent what could be compromised from being used.
Asset Management and Maintenance. A good best-practice that keeps our firm on-top of emergent threats.
Please feel free to contact me if you have any questions about what you're reading in this series.
If you have concerns about your own practice and your disaster recovery planning, contact me. I'd be happy to help.
R
What is 5Ge? And Why Is It On My iPhone?
Hey, my iPhone says that I’m receiving 5Ge on AT&T’s wireless network? So does that mean I’m receiving 5G, at long last? Well, sorry, no. It’s just a bit of technical and marketing slight of hand.
Oh look - a new carrier indicator from AT&T that suggests that I’m receiving 5G to my iPhone! How cool is that! Boom!
Well, not really. It’s actually not true. Let’s break this lie down a bit.
5G refers to the “5th Generation” wireless communication standard which will offer theoretical speeds up to 1gbs - extremely fast, especially considering 4G LTE service offers around 30mbps (30 megabytes a second as compared to 1,000 megabytes a second).
The problem is that 5G is going to take a whole different set of hardware to transmit and receive 5G signals. That’s going to take a lot of time and capital investment by carriers like AT&T, Verizon, and Sprint. 5G is supposed to roll-out nation-wide over the next couple of years. But it’s not here. Not yet.
So why am I being lied to? AT&T Senior VP for Wireless Technology Igal Elbaz defended AT&T’s 5Ge practices by arguing “what we’re trying to do is let [consumers] know that there is an enhanced experience in their market.” And yeah, they’re getting sued by the other carriers who say AT&T is misleading consumers .
You see, even though my iPhone says that I’m operating on a 5G network (E is AT&T marketing lingo for “Evolution”, it’s not even part of the 5G standard), it’s really not. Bummer-drag. It’s still on that 4G LTE network but using a mechanism to aggregate carrier signals (4x4 MIMO and 256 QAM) that offer a wee bit of a speed improvement (AT&T says an average of 40mbps with theoretical speeds up to 400mbps) but it’s not 5G, per se.
The 5Ge thing appeared on my iPhone XS after receiving the iOS 12.2 update, but it’s not really 5G. Have AT&T? If you have an older iPhone, or an iPhone XR, or older Android phone, you may not see the 5Ge indicator. That’s because those phones don’t support the signal aggregation thing I was just talking about. Also, you may not be in a market that AT&T has brought this whoopla to; AT&T seems to think they can roll this tech out to 400 markets by 2020.
So, sorry to swot your hopes like that but, hey, just keeping it real.
R
How to Refer Business To me
How do you refer business to me? Well, it’s as easy as 1-2-3! Just follow these handy guidelines!
Just for a presentation that I'll be leading tomorrow, but pasted here, for everyone's enjoyment!