Recently on AFP Collaborate, AFP’s private discussion board, an anonymous treasury and finance professional asked a question about bitcoin:
“I was wondering if other organizations are considering purchasing bitcoin for potential ransomware scenarios? From a risk management perspective, is this something that your organization has looked at? If so, what is your operational process if a ransomware attack occurs and the hacker is requesting to be paid via bitcoin? We have cyber insurance, but we are thinking through Plan B scenarios, and I thought it would be helpful to understand what other organizations are doing and what the current best practices are for this type of scenario. Let me know your thoughts.”
Here are some of the responses (all have been kept anonymous):
“There are probably several different strategies to be enacted here.
1. If you make a preemptive Bitcoin purchase, then there will likely be some concern about valuation volatility—in addition to a lack of confidence in the regular exchanges these days.
2. Some might argue that any such funds would be better used toward a stronger defensive (and preventative) strategy to avoid the problem in the first place.
3. Our company did experience a breach from an employee’s private email that led to some drives being locked. The company was set up to bring backups online, avoiding any question of having to pay the extortion fee. Backups and offsite storage are a great proposition in these situations.
4. Additionally, it’s good defensive strategy to ensure that different IT resources and data/files are compartmentalized so if an employee is compromised, the damage can be mitigated.
5. Lastly, solid employee training programs are needed—especially those that test the employee base with fake phishing campaigns to get a better understanding of how easily an outside hacker could succeed.”
“Prevention of damage from these types of attacks has been our focus. Our company has invested in hardware and software options that analyze emails for risky content, and allow technology network staff to monitor network threats and respond quickly to isolate an infected workstation. There are network security consulting firms that specialize in these types of system configurations.
“Also, we have trained staff on how to recognize a potentially risky email and call IT before opening attachments. If IT recognizes a rise in threats we are receiving, IT informs staff.
“Our cyber insurer has resources available to evaluate readiness prior to an attack, and a hotline to call for guidance during an attack.”
To read more responses, and to gain more insights directly from your treasury and finance peers in a safe, closed setting, visit AFP Collaborate here.