Recent national cybercrime headlines:
“Cybercriminals Obtain Employee Credentials to Conduct Payroll Diversion”
“Business Email Compromises Business Data”
“Increase in W-2 Phishing Campaigns”
Imagine if you lost access to a year’s worth of financial information – accounting records, tax returns, audit trails – that could either never be fully recovered, or might take months to get back in pieces.
Following a recent ransomware attack on a client, we thought it could serve as a useful reminder of the fundamental need to continuously protect your financial data. If you don’t have prevention and continuity plans in action, your data is as vulnerable as if you had left the front door to your business unlocked with all of your confidential files sitting open on your desk.
According to the FBI, the inability to access important data can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation.
The short answer is: yes, EVERYONE is at risk. As we’ve all witnessed in the many incidents splashed across the news headlines, ransomware attacks do not discriminate. They happen all the time, across industries, organizations, businesses, and personal records of all shapes and sizes. An attack infiltrates a business quickly and easily when protection and prevention efforts are broken or breached.
Putting a Disaster Recovery Plan in Place
The FBI recommends that businesses focus on two main areas:
- Prevention efforts: both in terms of awareness training for employees and robust technical prevention controls and regular scans; and
- Continuity efforts: creation of a solid business continuity plan in the event of a ransomware attack. Back up data regularly, test those backups regularly, and secure your backups.
If you think you or your organization have been the victim of ransomware, you should contact your IT department and the FBI Internet Crime Complaint Center (IC3) at: https://www.ic3.gov/default.aspx
Additionally, as an accounting and consultancy firm, we take an offensive strategy against cyberattacks on behalf of our firm and clients. Should you fall victim to a cyberattack, we can assess the extent of damage and provide guidance on how to notify affected parties in order to reduce regulatory oversight. Contact us for more information, or an assessment.