An Advisor’s Guide to Ransomware

PAID CONTENT

For more information on how to prevent ransomware in your business, download this free whitepaper: Protect from Ransomware Attacks in 10 Steps.

Ransomware is one of the most devastating forms of cyber crime. Victims range from single-person offices to multinational corporations. It leaves businesses facing legal consequences, reputational damage, and even crippling financial loss. With thousands of cyber attacks happening daily in Canada, doing nothing is no longer an option. Learn here why preventing a ransomware attack is much easier and cheaper than recovering from one.

Personal identifiable information (PII) is of tremendous value to cyber criminals and access to it makes financial advisors targets for cyber attacks. According to a report by Boston Consulting Group, financial services firms are 300 times more likely to be targeted by cyber attacks than businesses in any other industry. No matter the size of your business, a financial services professional that is unprepared or under-protected is vulnerable to a cyber threat like ransomware.

When a ransomware attack occurs, it uses powerful encryption to lock the data of the affected system(s) and only the attackers have the key to unlock it. These cyber criminals then demand a ransom payment in exchange for the key to unlock the data. In some instances, they copy data and threaten to publish it online or to the victim’s clients unless payment is made. It is not just corporate data that the attackers are after, but your client data — a successful attack could lead to attacks on or exploitation of your clients directly.

According to the Sophos State of Ransomware 2021 report —only 8% of companies who surrendered and paid the ransom got all of their data back undamaged. Even if your data is fully restored, you have no guarantee that your systems have not been otherwise compromised, which could give attackers another way into your system in the future.

Backing up company data is always an important practice, and it is especially useful to reduce damage from a ransomware attack; post-incident recovery is easier, and it eliminates some of the attacker’s leverage because you have a copy of the data that they have locked for ransom. Keep your backup physically separate (such as a secure cloud environment) so that infected files are not backed up and ransomware does not spread.

While it is a controversial issue, it is strongly recommended that you do not give into the ransom demands of cyber criminals. Doing so funds their operation, allowing them to continue and contributing to funding other forms of crime and exploitation around the world.

The cost of a ransomware attack is more than financial, as you would likely also suffer reputational damage, not to mention the damage to your clients from the loss of their personal information. It is becoming more common in the financial services industry for new clients to ask about the security of their data before they agree to do business with an Advisor.

The risk of being targeted for a ransomware attack is not only for enterprise organizations. While large companies store more data, and their breaches are more newsworthy, small businesses are statistically more likely suffer a successful penetration. Large organizations also have more experience and resources dedicated to improving cybersecurity and recovering from a cyber attack. While still serious, their superior level of resources can minimize their financial and reputational damage. SMBs are easier targets in the eyes of the cyber criminals.

Ransomware attacks are often initiated when you click on an infected email or website link. Cyber criminals use a variety of techniques, both technological and psychological, to try to manipulate you to reveal, send, download, or click on something that you should not.

Emails with infectious attachments or links are the leading delivery methods of ransomware. As our working world has become more interconnected, attacks have become more sophisticated. We all have experience with identifying overtly suspicious activity, but the “tradecraft,” or the quality of the tools and methods of the attack, of some of these threat actors has become so good that it is hard to tell what is legitimate.

Some attack methods attempt to circumvent the user and gain access to the data directly. Improperly secured Wi-Fi networks and smart devices are causes of ransomware penetrations because their default passwords aren’t updated or can be easily bypassed due to unpatched devices. Similarly, supply chain attacks allow cyber criminals to compromise a system, especially software, not by attacking it directly, but by first compromising a vendor, supplier, or other partner that has access to the software prior to installation or during maintenance.

In short, threat actors will use any available method to try and gain access to your information that is not carefully and securely monitored and managed. Nothing in the tools or systems in your company should be left to chance.

Outdated hardware and software may contain known vulnerabilities that can be exploited by cyber criminals. Up-to-date technologies will be better equipped to defend against new threats. It is important to perform software updates as soon as they are available as these often contain security patches that will further reduce risk.

Data privacy compliance requirements can be complicated as they are often technical and evolving, but the overarching guidelines require PII to be kept safe and secure. It is your responsibility to meet compliance requirements and, in doing so, you will be protecting your own business.

Any data breach that poses a “real risk of significant harm” to an individual must be reported and disclosed to the federal or provincial privacy commission (depending on the province or territory of the breach), and to the affected individual. The risk of harm to affected individuals can be related to financial loss, identity theft, impacts to credit rating, damage to reputation or relationships, and loss of employment, business, or professional opportunities.

The best defense against ransomware attacks is to be aware of the risks and take steps to prevent them. There are changes you can make in your own business to improve cybersecurity and reduce your risk of falling victim to a cyber attack. Key among these activities are the fundamentals of good Risk Governance: Policy, Training, and Technology.

Every Advisor office, big or small, should have clear policies on the handling and protection of client data. Your E&O and cyber insurance providers will be asking for these details. Above all, and at the minimum, you need an Incident Response Plan (IRP) for your business. Whether it is five pages or fifty, this is your most essential plan to minimize damage in the event of a successful attack and creating it will help you assess your current cybersecurity resources and needs. Developing policies will help you review how your company already handles sensitive data and reveal any vulnerabilities before they become liabilities.

Larry Keating President

For more information on how to prevent ransomware in your business, download this free whitepaper: Protect from Ransomware Attacks in 10 Steps. This white paper, written by NPC for the SMB financial professional, will provide you with the checklist of the 10 most important steps to protect your business. From the setup and security of your computer, to understanding the importance of disabling features in Word and Excel that could make you vulnerable, this guide could save you thousands, and prevent a financial professional’s worst day, having to advise their clients they lost their personal financial information.