Imagine: You’re in an important meeting with clients, and you’re trying to pull up their files. Suddenly, you’re met with a menacing pop-up. “Your files have been encrypted,” the pop-up says. “For the decryption key, send $5,000 to account 00015 on Bitcoin before the timer runs out.” You look down, panicked, to see a timer set for 48 hours in the corner of the screen. You don’t have that kind of money to throw away, but you have important client information that you must access and protect. What can you do?
Ransomware attacks like these are one of the fastest-growing methods of cyberattack in the world. According to Fortinet, ransomware attacks increased by 435% from 2019 to 2020. If it happens to you, you could stand to lose not only the money you may pay to get rid of the hacker but also days of work while you clear your networks, important data that you may not get back, and—most importantly—client trust.
Ransomware is a kind of malware that can make all or part of your computer(s) unusable unless you pay a ransom. Most ransomware encrypts your data, such as client information, passwords and important documents, effectively making it inaccessible. It then requires a decryption key or a special code to unlock it again. You can get ransomware by clicking a link or attachment in an email, plugging in an infected USB drive or visiting a compromised website.
As an advisor, you need to stay on top of cybersecurity issues such as ransomware because you also have regulatory obligations to fulfill. If you fail to protect yourself and your clients from these types of attacks, you could be hit with fines or other consequences from your state regulatory body, the U.S. Securities and Exchange Commission (SEC), or the Financial Industry Regulatory Authority (Finra).
Furthermore, losing access to sensitive client data because of a failure to take precautions against cyberattacks can lead to lawsuits and loss of clientele. Taking the necessary precautions can prevent attacks and also mitigate the damage if your company falls prey to ransomware.
How Can You Guard Against Ransomware?
Although no plan is perfect, there are some steps you can take to help prevent ransomware attacks.
1. Train your employees (and yourself) to recognize suspicious email links or websites. Before you click a link, make sure it’s from somebody you know, that you are expecting it and that it doesn’t look “funny.” Examples of funny links are those that are misleading (for example, the link says it leads to one website but displays a different site name when you hover your mouse over it), misspelled (for example, FceBook.com, HuntngtonBank.com), have odd spacing (for example, iTunesStore Purchases, HuntingtonBank Inc.) or are from a company you do not use or have not heard of.
Don’t conduct personal browsing or searching on your office computer. By doing this, you can decrease the chances of visiting a corrupted website or clicking a corrupted advertisement and putting client data at risk.
2. Back up your important files and keep copies of them offline. The simplest way to do this is to transfer your important files onto a new USB drive with a good amount of memory storage. Then, make sure you unplug your USB drive and store it somewhere safe. Make multiple copies and store them in different locations, if needed.
If you’d prefer not to back up your files yourself, there are many products and services you can use to do these tasks for you, such as Clonezilla or Comodo Backups.
3. Set your antivirus/antimalware and operating systems to update automatically. Install an antivirus or antimalware program, such as AVG or Malwarebytes. Set your antivirus and antimalware programs to update automatically.
Be sure that your operating systems are also set to update automatically. Updates for your operating systems are often developed specifically to combat new cyberattacks and provide “patches” for the holes in your system’s security.
4. Look into third-party solutions. Before you are hit by ransomware, look into the possibility of a “zero-dollar retainer” with a cybersecurity company, a way to engage the company’s services before they are needed and for free. This way, when the time comes for them to help, the formalities will already be in place and they will be ready to help you.
If you have more than a handful of employees, consider a third-party vulnerability assessment. Some reputable companies that specialize in these assessments are Ashland Partners and Winquest Cybersecurity.
If your company has already hired a managed service provider (MSP) to oversee its computers, make sure the MSP is performing annual vulnerability assessments. Get the schedule and the results of these assessments in writing.
What To Do If Your Advisory Firm Is Hit By Ransomware
Unfortunately, even if you have taken steps to protect yourself, you may still be at risk. So what do you do if your network gets infected?
First, disconnect the infected computer from your network; turn off the wireless card or pull out the network cable. Isolate the infected computer as much as possible. Then, call your cybersecurity company or your local IT personnel.
If you have external backups, a full recovery could be as simple as restoring your computer systems from your backups. If not, the options become limited by how critical your lost information is and how much you have prepared.
If you decide to contact a cybersecurity company, they may be able to “fight” the ransomware and decrypt your files. Most companies also guarantee the removal of the ransomware.
If You Don’t Have Backups, Should You Pay The Ransom?
Federal agencies are now recommending that you do not pay the ransom unless the information you will lose is life saving or time-sensitive. Recovering the data after you pay is not guaranteed; the hackers are often overwhelmed by the number of people paying the ransom and cannot keep up. Instead, contact your local law enforcement agency along with your cybersecurity company or IT personnel.
If you do pay the ransom and gain access to your files again, do not forget to “clean up” your computer to clear your systems of the malware. If you do not, the hackers may hit you again as you will be an easy target. If you have retained a cybersecurity company with a “zero-dollar retainer,” they may be able to combat the ransomware virus and attempt to decrypt your files.
Unfortunately, no one is completely immune from ransomware. Hospitals, banks and private citizens have all been hit. Take some precautions now and you can protect your firm—and your clients—from this dangerous cybercrime in the future.
Jeffrey Ingalsbe is chief information officer/chief information security officer for Flexible Plan Investments Ltd., a registered investment advisor with over $1.8 billion AUM (10/31/21).