CISA Issues a Fact Sheet: Protecting Personal Information from Ransomware-Caused Data Breach

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) recently released a fact sheet to assist government and private sector organizations with protecting sensitive and personal information from a ransomware-caused data breach.

Summary

“All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems...CISA encourages organizations to adopt a heightened state of awareness and implement the recommendations below.” (3)

  • Preventing Ransomware Attacks

    • Maintain offline, encrypted backups of data and regularly test your backups.

    • Create, maintain, and exercise a basic cyber incident response plan, resiliency plan, and associated communications plan.

    • Mitigate internet-facing vulnerabilities and misconfigurations.

    • Reduce the risk of phishing emails.

    • Practice good cyber hygiene.

  • Protecting Sensitive and Personal Information

    • Know what personal and sensitive information is stored on your systems and who has access to it.

    • Implement physical security best practices.

    • Implement cybersecurity best practices.

    • Ensure your cyber incident response and communications plans include response and notification procedures for data breach incidents.

  • Responding to Ransomware-Caused Data Breaches

    • Secure network operations and stop additional data loss.

    • If no initial mitigation actions appear possible, take a system image and memory capture of a sample of affected devices.

    • Follow notification requirements as outlined in your cyber incident response plan.

More details are provided in the CISA fact sheet (3). For additional information and guidance beyond the CISA fact sheet, refer to the Federal Trade Commission (FTC) web page titled “Data Breach Response: A Guide for Business” (4).

References

  1. CISA: “Home Page”

  2. CISA: “Protecting Sensitive and Personal Information from Ransomware-Caused Data Breach” - Web Page

  3. CISA: “Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches” - Fact Sheet (pdf)

  4. FTC: “Data Breach Response: A Guide for Business” - Web Page