Most businesses depend on access to their network and digital data for daily operations. Certainly, tax professionals do. It’s every owner’s nightmare to be locked out of their own network and data, and it can be traumatic to boot up and see a red screen with a ransom note from a criminal on the other side of the world holding your data hostage. This is the growing threat of ransomware.
The IRS recently warned tax professionals that ransomware attacks are on the rise worldwide, as bad actors here and abroad infiltrate computer systems and hold sensitive data hostage. The IRS is aware of a handful of tax practitioners who have been victimized by ransomware attacks.
Ransomware is a type of malware that infects computers, networks and servers, and encrypts data to prevent access. Cybercriminals then demand a ransom to unencrypt the data. According to Pensar, the average ransom is about $679, but experts advise owners never to pay ransoms.
In 2017, at least two major ransomware attacks have swept across Europe. The recent “WannaCry” virus ransomed data on 230,000 computers in 150 countries in a single day. In this case, victims failed to install critical updates to their Microsoft Windows operating system, which enabled the criminals to exploit a vulnerability.
“Tax professionals face an array of security issues that could threaten their clients and their business,” said IRS Commissioner John Koskinen. “We urge people to take the time to understand these threats and take the steps to protect themselves. Don’t just assume your computers and systems are safe.”
The FBI warns that ransomware can be spread through phishing emails and links that redirect users to websites that may infect computers.
Criminals usually demand a bitcoin ransom be paid, in exchange for a key to decrypt the data. Victims should not pay the ransom. There is no guarantee the cybercriminals will provide the decryption key, even after a ransom is paid. Instead, IRS and law enforcement recommend prevention and backup procedures to avoid losing data to ransomware attacks.
Tips to Prevent Ransomware Attacks
Tax practitioners should educate their staff and clients about growing cyber threats, including ransomware, phishing emails and malware from websites, and take steps to prevent being victimized. Here are some best practices to prevent ransomware attacks:
- Never respond to, or click on, a link in an unsolicited email or attachment from an unknown sender.
- Securely backup data daily with a trusted vendor that retains archived backups offsite, and verify periodically that backups are dependable.
- Run antivirus and anti-malware applications daily, on every workstation and server, and configure it to automatically update with new definitions.
- Automatically update workstation and server operating systems with patches.
- Use a firewall and limit access to trusted users and programs.
- Filter spam out of inboxes and disable macro scripts from Microsoft Office files transmitted over email.
- Restrict staff ability to download and install applications from unverified vendors, including spyware.
- Implement software restriction policies, or other controls, to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular internet browsers and compression/decompression programs.
Intuit® ProConnect™ also recommends appointing a principal in your firm to be responsible for security procedures. One way to increase education and awareness about cyber threats is to attend the Intuit ProConnect “Safeguarding Taxpayer Data” webinar. This hour-long webinar is eligible for CPE and has been updated with content about recent cyberattacks against tax professional offices.
Prevention is the best medicine, but if your office or client does become a victim of ransomware, don’t panic. Shut your workstations and servers down, and contact a trusted IT expert to help you recover.