Ransomware attacks are an increasing threat to the public. These attacks indiscriminately affect countless computers and can cause permanent loss of personal, organizational and client data every year. These attacks are responsible for billions of dollars in lost productivity, damaged reputation, and direct financial loss. Even the IRS has warned tax professionals that ransomware attacks are on the rise worldwide, and has launched a security awareness campaign called “Don’t take the Bait” to help tax professionals navigate these threats. You may be asking yourself, “what is a ransomware attack”? Or more importantly, “how do I protect myself, my organization, and my clients from them?
Ransomware is malicious computer software or malware. Once malware has made its way into your computer it infiltrates itself into the operating system, blocking access to files. It can affect your spreadsheets, client tax returns and affect your ability to work. Over a series of days, your files, spreadsheets, photos and documents will be silently encrypted and you will lose access to them. Once the encryption process is complete your system will be locked up and a ransom notice displayed. The notice will give a bounty amount and a time frame to comply. You will have the option to either pay the bounty or risk losing your files forever. Most people don’t even know that they have been infected with ransomware until they are prompted with a ransom request. As financial professionals, we are not only obligated, but legally required to protect our client data. Therefore, these ransomware attacks pose a critical threat to our organizations and our clients.
The most common methods for a ransomware to infiltrate your system is through email, a malicious download, or a compromised software package. The most common ways the malware is acquired is by opening an email attachment, using a compromised USB memory stick or a download from a hacked website.