
4 Ways to Protect your RIA Firm from a Ransomware Attack

It’s hard to keep up with all of the cyber threats that hackers invent to steal your company data. A threat you may have seen in the news recently is called Ransomware. We wanted to break it down for you and give you some ideas on how to protect your firm and your clients’ data.

Think of ransomware as “kidnapping” your computer files and demanding a ransom to get them back. Cyber criminals create a virus that encrypts or locks down your files. Unless you have the key to unlock or decrypt your files, you are shut out. All you see on your screen is a message from the hacker with instructions on how to pay to regain access.

However, in today’s age of information sharing and interconnected computer users, the virus no longer attacks one computer or one user. It can spread to other computers, thumb drives, network file shares, and even cloud drives. Now your entire company is held ransom.

How does the virus start? Usually, an employee mistakenly clicks on a link in an official-looking email that executes the virus program. Or an employee could visit an infected website that delivers a “drive-by download” of the malware. These “phishing” emails look more and more like the real deal, so clicks will happen. That is why it is so essential to provide cyber security training that helps your employees spot suspicious emails, and to create a culture where employees are encouraged to notify leadership immediately if they think they have mistakenly clicked on a bad link.

Unlike other classic malware that leaves a “backdoor” open into your system so hackers can steal credit card information, account numbers, and passwords over time, ransomware is much easier for hackers to implement and lets them get their money almost immediately.

According to the 2016 Symantec Internet Security Threat Report, crypto-style ransomware attacks were up 35% in 2015 and hackers moved beyond PCs to focus on attacking smartphones, Macs, and Linux systems.

Ransomware is a major frustration because it’s almost impossible to recover the data that has been encrypted. You can’t wait until you are attacked and then look for a solution to recover the data. And, you most certainly should not pay or meet the attacker’s demands.

Instead, the focus needs to be on prevention. Here are 4 prevention practices to help you minimize the damage from this type of cyber attack. Talk with your IT Director or outsourced IT service provider to make sure your firm’s network is protected.


Back up everything.

The best way to recover files after you’ve been infected by ransomware is to restore them from prior backups.

There are several ways to back up your data: to disks, a data center, or the cloud. You can back up your data manually or through a service. However you choose to back up your firm’s data, understand the methodology of your disk-based or cloud-based backup plan. Verify that your backup process allows you to roll back or return to a last-known good state of data prior to the corruption. Some cloud-based backup methods overwrite previously backed-up data files with the changed versions, and that is not what you want.

Today’s best practices for backup mechanisms cover three levels of backup: file-level, image-level, and an offsite copy. In the case of ransomware attacks, we recommend off-site backup copies.

We provide our clients with these three levels of back-up because it truly gives an RIA firm the tools needed to re-constitute a complete network infrastructure. You can read more about data back-ups here.


Authenticate Inbound Email

Email is the most common way hackers distribute ransomware. Attackers send very clever emails to employees that appear to be legitimate, from people they know and trust. In fact, according to the FBI, CEO email fraud has cost businesses $2.3B over the past three years. Who wouldn’t trust an email that appears to come from the CEO? A way to protect your company from these attacks is to implement sender validation technologies. These technology tools validate the IP address and domain of the server from which incoming email originates. Any suspicious emails need to be ejected from the system before a mistake can occur.


Monitor File Activity

Ransomware is a frustrating virus because an attack against an individual can quickly escalate and affect the entire firm. Why? Because ransomware viruses have the ability to encrypt shared files. Take a look at your network configuration and shared applications. You may be surprised how much sharing occurs on a daily basis.

When the ransomware virus hits your files, you tend to see rapid file overwriting. The virus is copying or creating new data onto an existing file. You can use technology tools to watch for this type of activity on your system and raise a red flag. The value of this form of early detection is that you can quickly cordon off the infected computer and keep the virus away from any other file server, so the entire firm is not at risk.
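The red flag described above can be expressed as a sliding-window rule over file-server audit events. The following is an added example, not part of the original post; the event format, host and share names, and the window and threshold values are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample audit events: (epoch_seconds, host, path, operation).
EVENTS = (
    # ws-07 overwrites six different client files within five seconds.
    [(1000 + i, "ws-07", f"//fs01/clients/doc{i}.xlsx", "overwrite")
     for i in range(6)]
    # ws-02 autosaves one document every 20 seconds: normal behaviour.
    + [(1000 + 20 * i, "ws-02", "//fs01/clients/plan.docx", "overwrite")
       for i in range(6)]
    + [(1003, "ws-02", "//fs01/clients/notes.txt", "read")]
)

def detect_overwrite_bursts(events, window=10, threshold=5):
    """Return {host: alert_time} for hosts that overwrite at least
    `threshold` distinct files within `window` seconds."""
    recent = defaultdict(deque)        # host -> recent (time, path) overwrites
    alerts = {}
    for ts, host, path, op in sorted(events):
        if op != "overwrite" or host in alerts:
            continue
        q = recent[host]
        q.append((ts, path))
        # Drop overwrites that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        # Count distinct files so repeated saves of one file do not alert.
        if len({p for _, p in q}) >= threshold:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, ts in detect_overwrite_bursts(EVENTS).items():
        print(f"ALERT: {host} rapid overwrites at t={ts}; isolate this host")
```

Counting distinct files rather than raw writes keeps routine autosaves from triggering the alert, while a workstation rewriting many shared files in seconds is flagged for isolation.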


Have a Disaster Recovery Plan

Time is critical when your network goes down, whether from a cyber attack or a natural disaster. Your business stops and client service suffers. You need to get back up and running as fast as possible. When a disaster occurs, emotions run high. To keep panic from setting in, create a Disaster Recovery Plan with the steps needed to get your firm back up and running.

In fact, a Disaster Recovery Plan is not just a best practice for RIA firms, but rather one of the 6 areas of focus for the SEC Cyber Security Exam. That’s why we help our clients create these recovery policies and procedures to keep their business functioning without delays in the event of a disaster.

As we have shared in an earlier post, data backups are just one key component of a robust Disaster Recovery Plan.

To create the plan, audit your system to identify all of your critical data assets, know where they are located, and evaluate the potential loss or impact of losing access to that data. Not all data needs the highest level of protection. Next, outline what needs to happen in the face of a disaster, including the name and number of an IT forensic team. The last thing you want to do is try to find someone qualified to help you at 3 a.m. Evaluate potential experts and have their contact information included in the plan. Your plan should also include who needs to be notified and when.

Have any questions on ransomware and how to protect your firm with tools and the right type of off-site back-up? Give us a call at 224-563-3602. We’d be happy to answer your questions. We can also share how our new solution AdvisorGuard™ was designed specifically to give RIA firms the data needed to identify breaches, collect data for a forensic team, and comply with SEC mandates.

