Sophisticated bad actors looking to gain access to a registered investment adviser ("RIA") firm’s sensitive and non-public information may look to target the firm via a ransomware cyber attack. In a ransomware attack, hackers look to access personal or company data, block the individual or company's access to that information, and hold it hostage until a ransom is paid to unlock the data. In other instances, if the bad actor gains access to potentially embarrassing or sensitive information, the hacker will threaten to distribute the information publicly if the ransom is not paid.
Ransomware is a specific type of malware that, once installed on a computer or server, encrypts the data, preventing the advisory firm from accessing it without the decryption key. In other ransomware attacks, a staff member's entire computer is locked or prevented from booting. Ransomware is often circulated via phishing emails and is most commonly installed when a staff member downloads a malicious file from an email attachment or web link, or clicks on a link within a phishing email. Once the machine is compromised, the user receives a message on the screen with instructions on how to pay the ransom to unlock the data. The Federal Bureau of Investigation generally encourages businesses not to pay such ransoms, and even if the ransom is paid, there is no guarantee that the data will be released.
Here are a few common tips on how to help protect against RIA ransomware cyber attacks:
- Follow email phishing prevention best practices: Since many ransomware attacks are deployed via email phishing, remember these email phishing prevention tips:
  - Don't trust the sender display name
  - Be cautious if the email looks suspicious or was unexpected
  - Check for grammatical and spelling errors
  - Don't click on links contained within an email
  - Don't download any attachments
- Be very cautious before providing remote access to your computer: Potential ransomware attacks may start with an email or phone call from “tech support” or “IT” advising of a technical issue with your computer or a specific software application. They may encourage you to navigate to a website, click a link, or install software, which then gives the hackers unauthorized access to your computer, allowing them to encrypt, lock, or disseminate your data.
- Make sure up-to-date antivirus software is installed on all network computers: While antivirus software cannot prevent all potential ransomware attacks, it offers an additional line of defense. You should ensure that antivirus software is installed on all devices that access your network and is set to install updates automatically, since providers regularly release patches to address newly uncovered vulnerabilities.
It’s also important for all RIA firms to have all files and data properly backed up and readily accessible. A proper backup should allow an advisory firm to quickly regain access to sensitive data, avoiding the immediate disruption of a successful ransomware attack while the firm further evaluates the situation.
Unfortunately, RIA firms are a frequent target for ransomware attacks given the sensitive client information that firms may have access to and the potential reputational embarrassment that may result from such an incident. Ransomware attacks continue to increase in frequency and sophistication. Investment advisory firms need to recognize the risk that ransomware attacks present and actively address it through proper system design, robust data backup procedures, and frequent information security staff training.
Lexington Compliance and RIA in a Box LLC are not law firms, investment advisory firms, or CPA firms. Lexington Compliance and RIA in a Box LLC do not provide legal advice or opinions to any party or client. You should always consult your relevant regulatory authorities or legal counsel if applicable.