Most people are familiar with malware and viruses that can infect computers and delete files or display advertisements. But there’s a much more sinister form of malicious technology that’s becoming increasingly commonplace in corporate computer networks: ransomware.
Ransomware infects large computer systems and can encrypt sensitive data such as financial records or client contacts; it can also lock down computers. Then the malicious software displays an ominous message demanding a ransom to decrypt the data or unlock the computer system. These ransoms can be as low as a few hundred dollars or as high as several million dollars and are usually paid in untraceable cryptocurrencies like Bitcoin.
According to the Institute for Critical Infrastructure Technology (ICIT), ransomware will become increasingly popular over the coming years. The organization’s recently issued report, 2016 Will Be the Year Ransomware Holds America Hostage, suggests that the problem lies in the exploitation of humans rather than combating advancing technology. While the healthcare sector has been an early target, ICIT believes that financial institutions may be next on the hit list.
Read on for how to deal with this cybersecurity threat. (For more, see: Educating Your Clients About Cybersecurity.)
Protecting Against Attack
Ransomware infects computers and networks in the same way that malware and viruses are transmitted — e-mail attachments, bogus advertisements, and similar techniques. Financial advisors can avoid these problems by ensuring their computer systems are secured and training employees and clients to recognize and avoid common tricks. Unfortunately, these two tasks are much easier said than done and protection requires a constant watchful eye.
The first step in protecting against ransomware is securing a computer. Encrypting sensitive files ensures that hackers won't have access to the contents of those files, even if they are able to hold them ransom. Next, advisors should employ multiple lines of defense that includes a reputable security suite — antivirus and/or anti-malware — and a firewall that can detect foreign connections trying to enter the network so they can stop them immediately.
The second step is training employees and clients to recognize potential security risks. While many employees will fall for clever tricks, there are some steps that can make the tricks more obvious. For example, advisors should show hidden file extensions in order to identify the true nature of a file before opening it, like a file with the ending “.pdf.exe” being an executable file (a potential virus) rather than a PDF file that seems innocuous. (For related reading, see: 3 Ways Cyber-Crime Impacts Business)
Mitigating Potential Losses
The single most important step to avoid potential losses is to back up everything onto a hard drive that’s not connected to the Internet. By doing so, financial advisors can avoid having to pay a ransom even if the files are encrypted, since they have a timely back-up in place. The best way to back-up data is to use an automated program that generates regular daily back-ups and encrypts them for storage on the cloud or external hard drives.
If the attack has already occurred, the first step is to immediately disconnect the computer or device from the Internet and shut it down. This may help stop the encryption of files at an early stage and enable the recovery of the rest of the files. Advisors should consider bringing the computer to a security expert that will be able to address the problem and recover as much as possible before restoring the operating system to its last known clean state.
Advisors are usually facing a deadline of 72 hours to make payment before the price goes up significantly after the virus propagates. They can buy more time by setting back the BIOS clock on the computer to an earlier date, which can trick many ransomware programs into permitting more time. This may help with some data recovery efforts, but shouldn’t be used as a way to pay a cheaper ransom. Advisors are strongly advised not to pay any ransoms. (For more, see: Financial Advisors Are Feeling Cyber-Insecure.)
The Bottom Line
Ransomware is a growing security problem for corporate networks as hackers lock down computers and demand money to unlock them. The good news is that financial advisors can avoid many of these problems by implementing security measures and training employees to recognize malicious programs. If a computer is already infected, advisors should also consider taking immediate action to maximize the odds of recovering valuable data. (For related reading, see: 7 Cybersecurity Tips for Advisors.)