Photo by Tonik from unsplash.com

The Department of Homeland Security’s Cybersecurity, Infrastructure and Resilience Agency (CISA) released a statement to retailers and other holiday-focused businesses this past week. Businesses are warned that they should expect an increase in attempted ransomware attacks, especially those businesses facing a holiday season contingency. 

ERI is a member of CISA’s coordinating committee for critical manufacturing, so we are acutely aware of the risk and need for businesses to share information about these types of attacks. Ransomware encrypts critical files and applications, and businesses can quickly be brought to a standstill if subjected to it. 

This isn’t the first time in recent months that we have seen a spike in ransomware attacks. As it became clear that remote work was shifting and becoming a more permanent part of our daily lives, we saw a significant increase in security gaps. While there are plenty of security measures that have been enacted by institutions requiring remote work, a lot of it relies on employee understanding and knowing what to do when things go wrong. Due to this rapid shift, the gaps in security have been exacerbated and hackers have an easier way in. Cybercriminals started preying on anxiety surrounding the coronavirus and have begun intensifying ransomware and DDoS attacks. In March 2020, a Czech hospital that was serving as a COVID-19 testing center was hit with a cyberattack in the midst of the outbreak, forcing some services to shut down temporarily.

But why are cybercriminals choosing right now to attack businesses with ransomware?

Ransomware doesn’t only attack technology – it attacks the people and processes that also help your business run. In particular, criminals look to create or establish feelings of panic within victim companies. The idea that an outage or shutdown has happened at “the worst possible time” works in the favor of ransomers. And so, as it goes, businesses already struggling with supply chain problems and lower-than-expected crowds may be especially likely to pay a ransom just to keep the lights on.

Here are three ways to take the urgency out of the ransomware equation, which may help your business recover more quickly in an emergency at the holidays:

Ensure back-ups are tested and running well throughout your busiest seasons. Back-up data centers are a great deterrent to ransomware damage, but your backups are only useful to you if they are working, storing the information you need to continue running, and easy to “switch on” in the event primary systems go down. Test these with your IT team or technology service providers.

Run drills, sometimes referred to as tabletops, with the exact team who would respond in the case of a ransomware incident. Don’t leave out important roles like communications leads (both internal and external) and people who handle important clients. 

Make sure you have a high-level idea of whether you would pay a ransom to get back up and running. Is this a realistic option? If it is, ensure you are prepared with the right attorneys and law enforcement contacts to safely execute a payment. If not, be sure you have your position well-documented as to why you cannot pay (financial reasons, regulatory reasons, moral reasons) so in an emergency situation, you can stick to your plan. 

Above all, it’s helpful to remember that the entrepreneur’s sense of urgency at the holiday scramble can be used against the company by criminals. Don’t let a good hustle now lead to a bad decision-making outcome later.  


Kate Fazzini is CEO of Flore Albo LLC, an adjunct professor of cybersecurity at Georgetown University, author of Kingdom of Lies: Unnerving Adventures in the World of Cybercrime and has served as a cybersecurity reporter for The Wall Street Journal and CNBC.

John Shegerian is co-founder and Chairman/CEO of ERI, the nation’s leading fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company. The first five readers who send an e-mail to this address link will receive a free signed copy of John’s new book, The Insecurity of Everything.

