Imagine: You’re in an important meeting with clients, and you’re trying to pull up their files. Suddenly, you’re met with a menacing pop-up. “Your files have been encrypted,” the pop-up says. “For the decryption key, send $5,000 to account 00015 on Bitcoin before the timer runs out.” You look down, panicked, to see a timer set for 48 hours in the corner of the screen. You don’t have that kind of money to throw away, but you have important client information that you must access and protect. What can you do?
Ransomware attacks like these are one of the fastest-growing methods of cyberattack in the world. According to Fortinet, ransomware attacks increased by 435% from 2019 to 2020. If it happens to you, you could stand to lose not only the money you may pay to get rid of the hacker but also days of work while you clear your networks, important data that you may not get back, and—most importantly—client trust.
Ransomware is a kind of malware that can make all or part of your computer(s) unusable unless you pay a ransom. Most ransomware encrypts your data, such as client information, passwords and important documents, effectively making it inaccessible. It then requires a decryption key or a special code to unlock it again. You can get ransomware by clicking a link or attachment in an email, plugging in an infected USB drive or visiting a compromised website.
As an advisor, you need to stay on top of cybersecurity issues such as ransomware because you also have regulatory obligations to fulfill. If you fail to protect yourself and your clients from these types of attacks, you could be hit with fines or other consequences from your state regulatory body, the U.S. Securities and Exchange Commission (SEC), or the Financial Industry Regulatory Authority (Finra).
Furthermore, losing access to sensitive client data because of a failure to take precautions against cyberattacks can lead to lawsuits and loss of clientele. Taking the necessary precautions can prevent attacks and also mitigate the damage if your company falls prey to ransomware.
How Can You Guard Against Ransomware?
Although no plan is perfect, there are some steps you can take to help prevent ransomware attacks.
1. Train your employees (and yourself) to recognize suspicious email links or websites. Before you click a link, make sure it’s from somebody you know, that you are expecting it and that it doesn’t look “funny.” Examples of funny links are those that are misleading (for example, the link says it leads to one website but displays a different site name when you hover your mouse over it), misspelled (for example, FceBook.com, HuntngtonBank.com), have odd spacing (for example, iTunesStore Purchases, HuntingtonBank Inc.) or are from a company you do not use or have not heard of.
Don’t conduct personal browsing or searching on your office computer. By doing this, you can decrease the chances of visiting a corrupted website or clicking a corrupted advertisement and putting client data at risk.
2. Back up your important files and keep copies of them offline. The simplest way to do this is to transfer your important files onto a new USB drive with a good amount of memory storage. Then, make sure you unplug your USB drive and store it somewhere safe. Make multiple copies and store them in different locations, if needed.
If you’d prefer not to back up your files yourself, there are many products and services you can use to do these tasks for you, such as Clonezilla or Comodo Backups.