The White House issued this memorandum to corporate executives and business leaders this week in which it stresses the need for urgent vigilance in implementing many of the best information security best practices we commonly discuss on our Privacy and Data Security Insights blog.  The memo contains good information that any business of any size should consider and implement as quickly as possible to bolster its defenses to what has been an onslaught of ransomware attacks in the past year.  

Please take these reminders and warnings seriously.  As we regularly share here, please do not fall prey to the idea that your business is too small or doesn’t have enough money to be worthy of an attack.  As counselors to hundreds of clients going through security incidents of all kinds, we at Taft Stettinius & Hollister LLP can confidently tell you this is not the case.  Threat actors are seeking opportunities of all kinds.  While your business may not have a lot of money, customers, or employees, it might have something else they want.  Most notably, it may have access to valuable business or government data, or access to larger client systems.  Perhaps your business is the way to get to that information or access.

Lastly, these attacks remind us that security is not just about the confidentiality of data.  Security is also about accessibility and integrity of data and systems.  Ask yourself:  “Can I afford to not have access to my employees, client, or vendor data for days, if not weeks?” Likely not.  If so, what is your plan to prevent the attack?  And, if the attack is successful, how can your business respond to survive it and resume operations safely?  We encourage you to read this memo and consult with experts, including legal counsel, to increase your diligence in this area to protect your business, your people and your data.