Boards and Ransomware: Dealing with the Devil

By Betsy Atkins; Bill Lenehan contributed to this report

For all the clever coding involved, most ransomware delivers a crude, deadly message when it strikes your company. Important company files are locked, and can be destroyed, unless you pay a specific ransom amount to an anonymous recipient with a short deadline. But if your top management, information technology team and board of directors have devoted some time, thought and resources in advance, you’ll know how to respond.

In my own recent boardroom experience, I’ve been an evangelist for getting boards active in setting and assuring effective corporate digital policies. Much of this should be basic good governance for the 21st century. However, the special dangers of digital hostage-taking demand a unique corporate governance role. If common hackers penetrate your systems to steal data, company priorities are never in doubt—you assess and limit the damages, and learn from the attack.

Ransomware is existentially different, and goes to the heart of a board’s fiduciary role. Do we as a company pay a ransom demand—or do we take the moral high ground and say no? Your board needs to tackle this question now, before an attack. The major ransomware strains offer a short time frame to comply. Convening a board meeting that quickly for a flash crisis would be both impractical and unwise. Further, the actual ransom itself can be oddly small. Would you really convene an emergency board session to discuss spending $1,000?

I’ve seen ransom demands firsthand at one of my boards. Here are some ideas specifically targeted at the unique threat of ransomware:

• Get your ethical discussion out of the way now. Your top executives and IT staff need guidance from the boardroom on the big question of whether or not the company should submit. The call is not an easy one. Losing business (and perhaps the business itself) by taking the moral high ground is not your call as a shareholder fiduciary. Your No. 1 mission is to protect the business for investors. Hold this debate now at the board level, before a hacker’s message pops up on your screen.

• Shape a corporate ransomware policy based on this discussion. Take these strategic principles and turn them into a working tactical policy. Include functional steps, such as who is to be notified, who makes the final payment decision, damage/cost tradeoffs to weigh, etc. Also, ask if you will even be able to pay the crooks. At a major company whose board I serve, we faced a short-term ransomware demand, and decided we had to pay. But the hackers demanded payment in bitcoin, and the company didn’t have a bitcoin account. This took two days to set up, by which time the deadline had passed.

• Fight hackers with unconventional warfare. Push IT to innovate outside its normal comfort zone. Third-party vendors such as Optiv, SecureWorks and Stroz Friedberg specialize in penetration testing, 24/7 threat monitoring and ethical hacking. Your IT team says it has the latest software updates and threat assessments? Good—but contract with outside experts who can make sure. The expenses involved should be modest, and today are a basic cost of doing business, like insurance.

• Speaking of insurance, check your liability and other business policies when it comes to ransomware costs. Which losses are covered, which aren’t, what compliance measures must you have in place, and what are disqualifiers? Also, how should your company decide on making a claim? (If you file a claim for a ransomware payment of $5,000, will your premiums shoot up?)

Ultimately, boards and management must respond to a ransomware crisis as they do any company crisis. They must assure good response tools and plans are in place and functioning, ask tough questions, and assure that everyone knows their role. But for the board, ransomware prep demands an added step—asking yourself if you’re ready to deal with the devil.

Betsy Atkins has a newly updated book, Behind Boardroom Doors: Lessons of a Corporate Director. Atkins is a serial entrepreneur and three-time CEO. She is CEO and founder of Baja Corp. and on the board of Cognizant, Schneider Electric and Volvo.

Bill Lenehan, a longtime real estate executive, is CEO of FCPT, created from the spinoff of Darden Restaurants’ real estate. He previously served on Darden’s board as a member of its corporate governance committee and chairman of its real estate and finance committee.
