As part of its 10-week “Don’t Take the Bait” security awareness campaign, the IRS warns that ransomware attacks increasingly target tax professionals.
As the name suggests, ransomware holds data hostage: once it runs on a computer, network share or server, it encrypts the files it can reach, and the crooks then demand money – the ransom – for the key needed to restore them. Computer users typically aren't aware of the infection until the ransom note appears, by which point the files are already unreadable.
“Tax professionals face an array of security issues that could threaten their clients and their business,” said IRS Commissioner John Koskinen in a prepared statement. “We urge people to take the time to understand these threats and take the steps to protect themselves. Don’t just assume your computers and systems are safe.”
In fact, the 2017 Phishing Trends and Intelligence Report, issued annually by Phishlabs, described ransomware's rapid growth as a public epidemic.
Here's an example. In May, a ransomware called "WannaCry" hit Windows systems that hadn't installed a critical security update Microsoft had released two months earlier (MS17-010, which fixed a flaw in the SMBv1 file-sharing protocol), including many pirated copies of Windows that never received updates. Unlike most ransomware, WannaCry didn't need anyone to open an attachment: it spread on its own from one unpatched machine to the next over the network. Within a day, cybercriminals held data on some 230,000 computers in 150 countries for ransom.
Generally, ransomware arrives in the form of phishing emails. Unsuspecting users open a link or attachment in the email, which launches the malware. However, according to the IRS, the FBI is warning that ransomware can infect computers in other ways. That includes links that redirect users to a compromised or malicious website which installs the malware when the page is merely visited, with no download prompt.
Ransomware victims should not pay the ransom, which only encourages the crooks. Indeed, the crooks often won't provide the decryption key even after victims pay, the IRS states, so paying can leave a firm both out of pocket and without its data.
Here are nine tips that tax professionals should consider to protect themselves against ransomware attacks:
- Employees must be aware of ransomware and of the role they play in protecting data.
- Consider using a centralized patch management system to ensure that security patches are installed on operating systems.
- Make sure that anti-virus and anti-malware programs automatically update and scan regularly.
- Use administrative accounts only for tasks that require them, and don't grant any user administrative access unless their job demands it. Ransomware runs with the privileges of the user who launched it, so a standard account limits how much it can encrypt or disable.
- Use computer access controls carefully. If users require read-only information, don't allow them write-access to those files or directories; ransomware can only encrypt what the compromised account can write to.
- Disable macro scripts in Office files sent by email.
- Use software restriction policies or other controls to prevent programs from executing from locations ransomware commonly launches from, such as the temporary folders used by popular web browsers and by compression and decompression programs.
- Back up data regularly, and periodically verify that the backups complete and that files can actually be restored from them.
- Secure backup data. The backup device shouldn't be connected all the time to the computers and networks it backs up; disconnect it once the backup finishes. Ransomware encrypts every drive and share it can reach, so an always-attached backup is just another target, while an offline copy remains unaffected.
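Several of the tips above are settings an administrator can verify directly. The PowerShell audit below is an added example, not IRS or FBI tooling and not from the original article: it checks one Windows workstation against the configurable items (SMBv1 and patch recency for the WannaCry-style risk, Windows Defender status, local administrator membership, the Office "block macros from the Internet" policy, an enforced software restriction policy, and whether a backup volume is currently attached) and returns a pass/fail table. It assumes an elevated PowerShell 5.1 session on Windows 10 or Server 2016 or later, Windows Defender as the anti-malware product, Office version 16.0 (2016/2019/365) for the macro registry path, and that the backup drive's volume label contains the word "backup"; adjust those for your environment.

```powershell
# Added example: audit a Windows host against the IRS ransomware tips.
# Assumptions: run elevated; Windows Defender is the AV; Office 16.0 registry
# path; backup volume label contains "backup". Not IRS/FBI code.

function Test-RansomwareHardening {
    [CmdletBinding()]
    param(
        [string]$OfficeVersion = '16.0',          # assumption: Office 2016/2019/365
        [string]$BackupLabelPattern = 'backup'     # assumption: how backup drives are labelled
    )

    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Control, [bool]$Pass, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Control = $Control; Pass = $Pass; Detail = $Detail })
    }

    # Tip 2 (patching): WannaCry spread over SMBv1 (MS17-010), so an SMBv1-disabled,
    # recently patched host is the check that matters most here.
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    Add-Finding 'SMBv1 server disabled' (-not $smb1) "EnableSMB1Protocol=$smb1"

    $lastPatch = Get-HotFix | Where-Object { $_.InstalledOn } |
                 Sort-Object InstalledOn -Descending | Select-Object -First 1
    $daysSince = if ($lastPatch) { (New-TimeSpan -Start $lastPatch.InstalledOn -End (Get-Date)).Days } else { 9999 }
    Add-Finding 'Patched within 30 days' ($daysSince -le 30) "Last hotfix $($lastPatch.HotFixID) installed $daysSince day(s) ago"

    # Tip 3 (anti-malware updates and scans) via Windows Defender status.
    $mp = Get-MpComputerStatus
    $sigAge = (New-TimeSpan -Start $mp.AntivirusSignatureLastUpdated -End (Get-Date)).Days
    Add-Finding 'Real-time protection on' $mp.RealTimeProtectionEnabled "RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled)"
    Add-Finding 'AV signatures under 3 days old' ($sigAge -lt 3) "Signature age $sigAge day(s)"
    Add-Finding 'Scanned within 7 days' ($mp.QuickScanEndTime -gt (Get-Date).AddDays(-7)) "Last quick scan $($mp.QuickScanEndTime)"

    # Tips 4-5 (least privilege): flag local Administrators beyond the built-in
    # account and Domain Admins.
    $admins = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
    $extra  = $admins | Where-Object { $_ -notmatch '\\Administrator$' -and $_ -notmatch '\\Domain Admins$' }
    Add-Finding 'No extra local administrators' (-not $extra) ('Members: ' + ($admins -join ', '))

    # Tip 6 (macros): the "Block macros from running in Office files from the
    # Internet" policy, which covers attachments saved from e-mail (Mark-of-the-Web).
    $macroOk = $true; $macroDetail = @()
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet
        if ($v -ne 1) { $macroOk = $false }
        $macroDetail += "$app=$v"
    }
    Add-Finding 'Internet macros blocked (Word/Excel/PowerPoint)' $macroOk ($macroDetail -join ' ')

    # Tip 7 (software restriction policies): TransparentEnabled>=1 means SRP is
    # enforced; Disallowed path rules live under the "0" security level.
    $saferKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    $safer = Get-ItemProperty -Path $saferKey -ErrorAction SilentlyContinue
    $rules = @(Get-ChildItem -Path "$saferKey\0\Paths" -ErrorAction SilentlyContinue)
    Add-Finding 'SRP disallow rules enforced' ($safer.TransparentEnabled -ge 1 -and $rules.Count -gt 0) `
        "TransparentEnabled=$($safer.TransparentEnabled); $($rules.Count) disallow path rule(s)"

    # Tips 8-9 (backups): a backup volume that is still mounted is reachable by
    # ransomware. Heuristic only: relies on the assumed volume label pattern.
    $mounted = @(Get-Volume | Where-Object { $_.FileSystemLabel -match $BackupLabelPattern -and $_.DriveLetter })
    Add-Finding 'Backup volume disconnected' ($mounted.Count -eq 0) `
        ('Mounted backup volumes: ' + (($mounted | ForEach-Object { "$($_.DriveLetter): $($_.FileSystemLabel)" }) -join ', '))

    return $findings
}

# Usage: show the report and exit non-zero if anything failed, so it can run from a scheduler.
$report = Test-RansomwareHardening
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Pass }) { exit 1 }
```

The script reports rather than remediates on purpose: changing SRP rules or Defender settings on a production tax workstation belongs in group policy, where the change is documented and applies to every machine, not in an ad hoc script. The macro check looks only at the per-user policy hive, so a policy set machine-wide will need the corresponding HKLM path added.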
If your firm's computers are hit by ransomware, report it to the FBI through the Internet Crime Complaint Center (IC3). You should also contact your local IRS stakeholder liaison; liaisons are assigned by geographic region.