Ransomware attacks have been happening for a number of years, but the WannaCry attack in May attracted worldwide attention. My first article on ransomware was back in the September 2015 issue of Investment Advisor. However, when you have a ransomware attack of the size and scope of WannaCry, it demands additional attention.
Sometimes simple steps are the first defense against a cyberattack. I understand that advisors frequently outsource cybersecurity responsibilities, but there are several lessons to consider in the aftermath of the WannaCry attack.
My first observation on WannaCry is how quickly it spread around the world. One of the main reasons for its swift impact was that older operating systems were not up to the task of blocking it. Unfortunately for us, the "bad guys" understand that there is always a group of users who do not regularly update their operating system and other important programs (Java, anti-virus, etc.). They use these older systems as an entry point for their malicious attack.
To prevent these kinds of exploits, make sure all your systems are up to date with the latest bug fixes and security protections, including personal computers and any servers you maintain. If you do have computers running older operating systems, do they really need to be connected to your network 24/7? You could isolate these computers from your network or from the internet. The same principle applies if you have an older server for backup purposes. Any of these machines could become the entry point into your network.
A common but often overlooked piece of cybersecurity hardware is your firewall. The cost of a firewall device can range from under $100 to thousands of dollars. Selecting the best firewall for your firm involves a number of factors, including your type of network, systems, access requirements, underlying data storage and other items. If you selected your firewall based on what was on sale, you would be well served by speaking with an IT consultant to ensure you have the right level of protection.
Data: What, Where, Who
Advisors often do not have a good understanding of what data they are storing and where it is. An employee's personal computer is often the first device compromised by an attack. If nothing is stored locally on that computer and the attack was limited to that device, you can probably reimage the computer and essentially start over fairly easily.