Ransomware attacks have been happening for a number of years, but the WannaCry attack in May attracted worldwide attention. My first article on ransomware was back in the September 2015 issue of Investment Advisor. However, when you have a ransomware attack of the size and scope of WannaCry, it demands additional attention.
Sometimes simple steps are the first defense against a cyberattack. I understand that advisors frequently outsource cybersecurity responsibilities, but there are several lessons to consider in the aftermath of the WannaCry attack.
My first observation on WannaCry is how quickly it spread around the world. One of the main reasons for its swift impact was that older operating systems were not up to the task of blocking it. Unfortunately for us, the “bad guys” understand that there is always a group of users who do not regularly update their operating system and other important programs (Java, anti-virus, etc.). They use these older systems as an entry point for their malicious attack.
To prevent these kinds of exploits, make sure all your systems are up to date with the latest bug fixes and security protections, including personal computers and any servers you maintain. If you do have computers running older operating systems, do they really need to be connected to your network 24/7? You could isolate these computers from your network or from the internet. The same principle applies if you have an older server for backup purposes. Any of these machines could become the entry point into your network.
A common but often overlooked piece of cybersecurity hardware is your firewall. The cost of a firewall device can range from under $100 to thousands of dollars. Selecting the best firewall for your firm involves a number of factors including your type of network, systems, access requirements, underlying data storage and other items. If you selected your firewall based on what was on sale, you would be well-served by speaking with an IT consultant to ensure you have the right level of protection.
Data: What, Where, Who
Advisors often do not have a good understanding of what data they are storing and where it is. An employee’s personal computer is often the first device compromised by an attack. If nothing is stored locally on that computer and the attack was limited to that device, you can probably reimage the computer and essentially start over fairly easily.