Ransomware: Five things accountancy practices can do to protect their firm and reputation
Ransomware is a generic term for malicious software that encrypts, or otherwise denies access to, your data and demands a payment to the software's author to get it back. Over time these programmes have become harder to remove, and the encryption they use is deliberately designed so that the data cannot be recovered without the attacker's key. Paying the ransom is no guarantee of recovery: victims often receive nothing, or a decryption tool that only partially works.
Dave Watson, Managing Director of Hosted Accountants, part of IRIS Software Group, highlights the risks to accountancy practices and what can be done to protect a firm and its reputation.
The consequences for your firm can be severe. Losing your data not only disrupts short-term operations but also exposes you to future claims from clients whose records you have failed to maintain properly. Imagine not being able to produce payroll year-end reports, or a client facing a tax investigation when all the working papers used to prepare the returns are gone. Even if you hold the paper records needed to recreate the work, doing so is a huge amount of non-chargeable effort. And if you can recreate the data, there is still the reputational damage: no one wants to call a client to explain that all of their data has been lost. Add to that the GDPR and client-confidentiality obligations that a loss of personal data triggers.
What can I do to stop it happening?
There are several steps practices can take to protect their business. It’s worth checking with your IT provider to ensure the following actions are taken:
1. Training: the most common route for ransomware onto your systems is an email attachment or link. All users should know to treat unexpected emails with caution. Look carefully at the domain the email actually came from (not just the display name), and hover over links (don't click) to see where they really lead; a link whose visible text shows one address but points to another is a classic warning sign. If in doubt, phone the sender on a number you already hold, not one given in the email. Users who cannot carry out these simple checks should not have access to your systems until they can.
2. Email Security: you should have an email security system in place that scans all email BEFORE it reaches a user's inbox. It should filter out spam and known malware, and scan attachments and the links they contain, rather than relying on the user to spot the threat.
3. Backup and Recovery: often the quickest and simplest way of dealing with a ransomware attack is to wipe the affected systems and rebuild from backup. Backups must be kept separate from production, either offline or on storage that production systems and their credentials cannot overwrite or delete, otherwise the same attack will encrypt or destroy them too. Test a restore regularly: an untested backup is a hope, not a recovery plan.
4. Monitoring and Management: a proper firewall should inspect traffic entering your network. If it detects malware it should automatically block the offending host and isolate it from the rest of the network until it has been cleaned. Without a proper firewall you are effectively leaving the office front door open for anyone to walk in and steal your data.
5. Outsource the problem: consider working with a hosted provider that has these controls in place from the outset. Ensure their systems are run from a secure data centre and that email is scanned for threats at the point of receipt, before it reaches any inbox. Can they take care of backups, and restore them if needed? Are they using Next Generation Firewalls that can inspect encrypted traffic?
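The manual checks in point 1 (does the sender's domain match, does a link's visible text match where it really goes) can be automated for an inbound message. The following Python script is an added example for this article, not code from Hosted Accountants or IRIS Software Group. It parses a raw email, compares the From and Reply-To domains, and walks every link in the HTML body looking for text/target mismatches and lookalike hosts. The trusted domain `example-practice.co.uk` and both sample emails are constructed for the example.

```python
"""Phishing-indicator checks for one inbound email (added example, constructed data)."""
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the practice really uses. Hypothetical value for this example.
TRUSTED_DOMAINS = {"example-practice.co.uk"}

# Constructed phishing sample: From looks right, Reply-To and the link target do not.
PHISHING_SAMPLE = b"""From: Payroll Team <payroll@example-practice.co.uk>
Reply-To: payroll@example-practice-support.com
To: partner@example-practice.co.uk
Subject: Year end payroll report - action required
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please review the year-end report via the link below.</p>
<a href="https://example-practice.login-portal.com/review">https://example-practice.co.uk/portal</a>
</body></html>
"""

# Constructed legitimate sample: link goes to a sub-domain of the trusted domain.
LEGITIMATE_SAMPLE = b"""From: Payroll Team <payroll@example-practice.co.uk>
To: partner@example-practice.co.uk
Subject: Year end payroll report
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>The report is in the <a href="https://portal.example-practice.co.uk/reports">client portal</a>.</p></body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain_of_address(header_value: str) -> str:
    """Lower-cased domain part of an address header such as 'Name <user@host>'."""
    match = re.search(r"@([\w.-]+)", header_value)
    return match.group(1).lower() if match else ""


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def check_email(raw: bytes) -> list:
    """Return human-readable findings; an empty list means nothing was flagged."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    # Check 1: replies silently redirected to a different domain.
    from_domain = _domain_of_address(str(msg["From"] or ""))
    reply_domain = _domain_of_address(str(msg["Reply-To"] or ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    html_part = msg.get_body(preferencelist=("html",))
    if html_part is None:
        return findings
    collector = _LinkCollector()
    collector.feed(html_part.get_content())

    for href, text in collector.links:
        target = _host(href)
        if not target:
            continue
        # Check 2: the visible text names a site but the href goes elsewhere.
        shown = _host(text) if "://" in text else text.lower().strip("/")
        if "." in shown and shown != target and not target.endswith("." + shown):
            findings.append(f"Link text '{text}' points to {target}")
        # Check 3: a trusted name embedded in a host that is not the trusted domain.
        for trusted in TRUSTED_DOMAINS:
            label = trusted.split(".")[0]
            if label in target and target != trusted and not target.endswith("." + trusted):
                findings.append(f"Lookalike host {target} resembles {trusted}")
    return findings


if __name__ == "__main__":
    for finding in check_email(PHISHING_SAMPLE):
        print("WARNING:", finding)
    print("Legitimate sample findings:", check_email(LEGITIMATE_SAMPLE))
```

Run against the constructed phishing sample the script reports three findings (the Reply-To mismatch, the link whose text shows the practice's own domain but points to `example-practice.login-portal.com`, and that host's lookalike name), while the legitimate sample produces none. Hosts ending in a trusted domain are deliberately accepted so that genuine sub-domains such as `portal.example-practice.co.uk` are not flagged; a pass with no findings does not prove an email is safe, so the phone-the-sender rule still applies.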
Many aspects of running a practice are vital, but preventing a ransomware attack protects the data every other business-critical process depends on. With careful planning and sound advice, most of this risk can be avoided.