Skip to main content

Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About
Trending Topics
    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Entertainment & Media
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor, Employment, and Benefits
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations
    Industries

    View All

    • Aviation
    • Cannabis
    • Consumer
    • Energy
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Nonprofit Organizations
    • Real Estate
    • Sports & Stadiums
    • Technology
    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Environmental, Social, and Governance (ESG)

      We help clients create positive return on investments in people, products, and the planet.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    • Women in Dealmaking

      We provide strategic counsel on complex corporate transactions and unite dynamic women in the dealmaking arena.

    1. Home
    2. Insights
    3. Articles
    4. New CISA guidance provides practical tips for preventing and responding to ransomware attacks

      Articles

    Article

    New CISA guidance provides practical tips for preventing and responding to ransomware attacks

    Aug 27, 2021

    LinkedInX (Twitter)EmailCopy URL

    By Valerie Montague

    This guidance serves as an important reminder of the steps an organization should take to protect the personal information and other sensitive data that it holds from a ransomware event.

    On August 18, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) issued guidance advising government and private sector organizations on how best to prevent and respond to data breaches caused by ransomware.

    In encouraging organizations to increase their awareness of the threat of ransomware incidents, CISA outlines several recommendations. To prevent ransomware attacks, CISA highlights the importance of offline, encrypted backups, which limit a ransomware actor’s ability to find and delete or encrypt the backup data. The guidance also recommends identifying and mitigating internet-facing vulnerabilities, such as through vulnerability scanning, in order to reduce exposure to ransomware attacks. As many attacks are delivered through phishing emails, CISA encourages organizations to take steps to limit or eliminate phishing emails, including enabling strong spam filters and training workforce members on how to identify and report suspicious incidents. Finally, the CIST guidance emphasizes the importance of an incident response plan and a resilience plan, which helps to evaluate an entity’s operational resilience and cybersecurity protocols.

    To protect personal information or other sensitive data, CISA recommends inventorying the information the organization maintains, where it is stored, and who has access. The guidance recommends adopting physical security best practices, as well as cybersecurity best practices, including encryption, firewalls, and network segmentation. CISA also advises organizations to ensure that incident response and notification procedures comply with applicable state laws; organizations regulated under federal laws, including HIPAA and GLBA, should ensure compliance with those requirements as well.

    The guidance also addresses how organizations should respond to data breaches caused by ransomware. CISA recommends first securing the organization’s network operations by determining the impacted systems and isolating them (or powering them off if they cannot be removed from the network). Impacted organizations should triage their impacted systems to address restoration and recovery, beginning with the most critical systems. The organization should analyze the incident and work with its internal and external stakeholders, who should be outlined in the organization’s incident response plan, to mitigate, respond to, and recover from the ransomware attack. The guidance also addresses a scenario where it may not be possible to engage in mitigation, encouraging organizations to take a system image and memory capture of the devices impacted by the attack to preserve evidence of the event. Finally, CISA recommends that organizations conduct all required notifications: to individuals, other businesses, and governmental agencies, as well as notifications to CISA and the FBI or US Secret Service.

    Practices

    Cybersecurity & PrivacyHealthcare
    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Cookie Preferences
    • Privacy Policy
    • Terms of Use
    • Accessibility Statement
    • Statement of Client Rights
    • Purchase Order Terms & Conditions
    • Nixon Peabody International LLC
    • PAL
    © 2025 Nixon Peabody. All rights reserved