Pay much attention to the news? If so, you may have heard a few stories this year about major businesses taken offline by ransomware. It’s tough to read these stories, in part because it’s easy to imagine being in the victims’ shoes. A ransomware attack can be devastating for business, and worse – it can happen to anyone. Major technology companies and service providers included. Most articles focus on how to prevent a ransomware attack or what to do if you’re a victim. This article is different; it focuses on what to do if your solution provider becomes the victim of a ransomware attack.
When you read the news, the stories often center on the companies targeted. What went wrong. How the attackers took advantage. What data breaches occurred. The focus is rarely on the downstream victims – the hundreds or thousands of clients who lose access to a business critical service. Often, these clients find themselves left in the dark while the vendor resolves the situation. They may not know what to do or how to respond. Overwhelmed by support tickets, the solution provider may become unresponsive, which can further add to the uncertainty and confusion.
What can you do? What are your options if you find yourself in such a situation? Below are 3 practical steps businesses can take if their solution provider goes offline due to ransomware.
3 Steps to take if your solution provider is taken offline by a ransomware attack
The suggestions below come from real-world experience coaching other businesses through difficult situations caused by ransomware. Hopefully, you never find yourself in a position of needing to use this advice, but just in case:
1. Assess the situation and the impacts to your business
Before anything else, you need to determine exactly how the situation affects your business. Be specific and precise in your assessment, focusing on the exact pieces of any affected processes and systems. Track the details somewhere that’s easy to share with the rest of your leadership team (e.g. a protected Google sheet).
While you’re making the list, consider which teams are most impacted by each item. Write down the person or people who are most knowledgeable on that process or system. You may need to lean on their expertise. Also, consider any secondary or tertiary processes or systems that rely on the affected pieces, and write those down too.
Finally, go back through the list and note which items are absolutely critical. Then, decide which ones are lower priority and can wait to be addressed.
2. Contact the vendor / solution provider
Now that you have a good idea of how your business has been affected, it’s time to contact the vendor. Make sure you have the information from step 1 on hand. The more specific you can be, the easier it will be for the solution provider to assist and advise you.
Whoever maintains and updates the system is most equipped to help guide you through the next steps. Be sure to take advantage of their expertise and all of the help and support that they are offering. You don’t have to follow their advice, but it’s typically well worth your time to ask for and listen to it. Remember: your solution provider should feel like a partner who is willing to problem solve and troubleshoot with you. At the very least, they should be willing to provide a time frame for resolution. Even if it’s just a rough estimate.
If the vendor is unresponsive or unwilling or unable to help, proceed to step 3 for now.
3. Tackle the highest priorities, and don’t forget to delegate
Take that list of core processes and systems from step 1 and put together a temporary project team to tackle the highest priority items. Realize that you’re likely to be the primary point of contact on each of the project’s initiatives. Go ahead and determine what methods of communication you’ll use with each initiative leader. Will you have a daily check in? How will you know when they’re stuck? Make sure everyone’s on the same page and knows what they need to do to move forward.
For the highest priority items, which are all you should be focusing on right now, be sure each initiative leader knows the vendor’s time frame for resolution. Make sure the entire team understands the balance you’re looking for between quick resolution and stopgap for the immediate, mid, or long term.
Example: If your timekeeping vendor is taken offline by a ransomware attack
For example, when it comes to timekeeping, it seems most important to find a way to collect punches that is legible, easy on employees, accurate, and viable for payroll processing. Ask your vendor if they have an alternative punching method that’s available to you. We never recommend paper time cards, but if you choose to use them, be sure to do separate time sheets for each employee. Separate time sheets may seem like more work to keep up with in the short-term, but they’re much easier to understand when it comes time for payroll processing.
Takeaways for dealing with the effects of ransomware
Communication and transparency are key. Whether your vendor will be offline for two weeks or two months, it’s important to keep your team in the loop so that they can plan and act accordingly.
Unfortunately, ransomware isn’t the only thing that can cripple a solution provider. Major bugs, hardware failure, server issues, and other unanticipated problems can also occur. The steps above can be useful in those situations, too. Hopefully, your vendor will help get you through a difficult situation no matter the underlying cause. If not, it might be time to consider an alternative. When considering a new solution provider, we always recommend choosing one that will act like a trusted partner, not just a vendor. Look for a provider with a track record of excellent support, as well as clear, honest, and timely communication.
