Imagine this: one of your employees gets an odd email from an unfamiliar address. They open the email, read its contents, click on a link or attachment, and identify it as innocuous spam that snuck through your company’s filters. Suddenly, their browser crashes unexpectedly. The employee remarks that this is odd, but when they can easily reopen the browser and resume their business, they go through their day without much of a second thought.
Fast forward 12, 24, or 36 hours—maybe even weeks or months. You’re getting ready for bed. You set down your book on your nightstand or close Facebook when your phone rings with a call from a member of your IT team. Your worst fears have come true: you’ve been hacked. Every single byte of your company’s data, from your financial records to employee chat histories, has been hijacked and locked out of your reach. Not a single employee can get any work done and your operations have stopped entirely. Your whole company has been effectively frozen in its tracks.
Then, you get a note from the hackers. If you don’t pay a significant ransom, in all possibility tailored to drain your financial resources because they have access to your financial records, then you won’t be given the encryption key to get your data back. That is, you’ll stay paralyzed. And to top it all off, the hackers threaten to leak your confidential data on the dark web piece by piece if you don’t pay. What do you do?
It’s not an exaggeration to say that this is a nightmare scenario for every 21st century company, although it’s more than just a nightmare; for many, this is a disastrous reality. In May, a ransomware attack on Colonial Pipeline led to gasoline shortages on the east coast. Last month, similar attacks on JBS, a meat packing company, have led to fears of food supply interruptions.
Unfortunately, if it gets to the point where a criminal group has hijacked your data, there’s not much you can do. You can hope your backups are recent and can be efficiently restored, although this assumes you have backups and still can take weeks depending on the company. Alternatively, you can pay the ransom against the FBI's recommendations, although in many cases this is the only option unless you're willing to start entirely from scratch. So, the logical question becomes: “How can my company prevent this from happening in the first place?”
This is where Gray Leaf Technology Consultants (GLC) can help by working with you to proactively generate an individualized Disaster Recovery (DR) Plan. A DR plan is a living document that prepares you for the unknown. It provides peace of mind because you will know that you have taken measures to protect your organization. The DR plan outlines your company’s IT assets, explores your susceptibility to particular risks, and assigns responsibilities to your employees to help mitigate those risks before the attack happens. It is useful for more than just cyber-attacks, too—DR plans account for everything from natural disasters to electrical fires and the actions of disgruntled employees.
The greatest beauty of a disaster recovery plan is that it’s preemptive. Its purpose is to analyze your company’s security infrastructure, identify any weak points, and supply steps to fix them before bad actors cripple your operations. In this sense, Gray Leaf wants to help keep such negative instances as those outlined above from affecting your business.
We leverage decades of experience in IT, cybersecurity, and disaster management from developers who have worked for such entities as the United States Coast Guard, Cigna, and the Federal Emergency Management Agency (FEMA) and countless small and medium sized businesses and non-profits. As such, there is no one more prepared to work with you in keeping your company assets safe.