Best Practices to Protect Your Accounting Firm Against Ransomware

Ransomware is a worldwide problem, impacting everyone from oil pipeline operators to city governments to hospital systems. In 2020, ransomware payouts quadrupled over the previous year – from $85 million to $350 million – a likely undercount as many companies don’t reveal when they’ve been hacked.

Considering modern accounting firms operate in an “always-on” digital world, it’s crucial they employ best practices to protect against potentially catastrophic ransomware intrusions. Accounting firms of all sizes are at risk from opportunistic cybercriminals. According to Cybint, a cyber attack occurs once every 39 seconds in the U.S.

Despite the imminent danger of an online incursion, it is estimated that only 5% of companies have adequate security safeguards. To that end, what can your accounting firm do to protect itself better against ransomware? This blog will discuss ways companies can defend themselves from a potentially damaging attack.

What is ransomware, and how does it work?

Before adopting best practices to protect against ransomware, it is important to first understand the threat. Ransomware is a form of malware that encrypts a victim's files, with the attackers demanding payment in exchange for restoring access to that data.

Phishing spam, that is, malicious attachments sent to victims by email, is one of the most common ransomware vectors. Once opened, an infected attachment can give the malware a foothold on the network; particularly insidious strains carry built-in social engineering lures that trick users into granting administrative access.

Other common ransomware attacks include:

  • Drive-by downloading: Malware is downloaded without the user's knowledge while they browse a compromised website.
  • Unprotected websites: In this instance, cyber thieves gain network access through an inadequately protected web server.

Payment extractions get increasingly complex

The ways in which ransom payments are extracted have also evolved over the years. Previously, thieves would simply encrypt host data and demand payment in return for the decryption key. But as more CPAs protect themselves through improved security and ransomware best practices, criminals are finding new angles to turn up the pressure.

For example, online perpetrators may steal a copy of data while encrypting it on a target’s computer. Victims rebuffing an initial payment demand may be threatened with publication of stolen data. In some cases, attackers will auction sensitive company information to the highest bidder on the dark web.

CPA tips and best practices for ransomware protection

CPAs are far from helpless when it comes to defending themselves against ransomware. Effective measures include:

  • Educating employees – This is the first line of defense for companies, as ransomware is commonly introduced through malicious email attachments and links. Arm staff members with secure email and browsing habits, whether it’s recognizing phishing attempts or deleting emails from unknown senders. Training should be an ongoing effort, not just a one-off session that your employees may soon forget.
  • Back up files – Having diligent data backup processes in place can significantly limit the harm caused by ransomware attacks.
  • Practice the principle of least privilege – Granting users more network and system access than their role requires weakens your organization's security posture, and it invites mishaps from employees using programs or features they are unfamiliar with.
  • Update operating systems and software – Software updates typically patch security vulnerabilities, meaning they should be installed immediately when available. To streamline this process, enable automatic updates whenever possible.
  • Disable unnecessary or unused features – Features such as autorun, remote desktop connections, and Microsoft Office macro content can be exploited to spread ransomware and other forms of malware.
  • Don’t pay ransoms – Unless absolutely necessary, cybercrime victims should not pay ransoms. Doing so only establishes your business as a prime target for future attacks.
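The "disable unnecessary features" item above names three Windows features. The following read-only audit script is an added example, not code from the original post, and assumes the standard Windows and Office policy registry locations, with the Office path for version 16.0 (Office 2016 and later); it reports each current value beside the hardened value without changing anything.

```powershell
# Added example: audit AutoRun, Remote Desktop and Office macro settings.
# Read-only; run in PowerShell on the workstation being reviewed.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value absent means nothing is configured
}

$checks = @(
    @{ Feature  = 'AutoRun (all drive types; 255 = disabled)'
       Path     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name     = 'NoDriveTypeAutoRun'; Hardened = 255 },
    @{ Feature  = 'Remote Desktop connections (1 = denied)'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
       Name     = 'fDenyTSConnections'; Hardened = 1 }
)

# Office macro policies are stored per application; assumed version path 16.0.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $base = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $checks += @{ Feature  = "$app macros (VBAWarnings; 4 = disable all)"
                  Path     = $base; Name = 'VBAWarnings'; Hardened = 4 }
    $checks += @{ Feature  = "$app macros from the Internet blocked (1 = yes)"
                  Path     = $base; Name = 'blockcontentexecutionfrominternet'
                  Hardened = 1 }
}

$report = foreach ($c in $checks) {
    $current = Get-RegValue -Path $c.Path -Name $c.Name
    [pscustomobject]@{
        Feature  = $c.Feature
        Current  = if ($null -eq $current) { 'not set' } else { $current }
        Hardened = $c.Hardened
        Status   = if ($current -eq $c.Hardened) { 'OK' } else { 'REVIEW' }
    }
}

# Any row marked REVIEW is a feature the post recommends disabling that is
# still enabled or has never been configured by policy.
$report | Format-Table -AutoSize
```

Settings pushed by Group Policy land in these same policy keys, so the script is also a quick way to confirm a GPO actually applied to a given machine.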

In the event of a ransomware attack

Although preventative best practices effectively protect against ransomware, it’s impossible to stop all attacks completely. Should the worst occur, consider the following steps:

  • Capture a snapshot of system memory before shutting down affected machines. Volatile memory often holds evidence that helps identify the ransomware and its attack vector.
  • Recall all emails suspected of carrying the ransomware attack.
  • Block network access to any identified command-and-control servers utilized by ransomware.
  • Information Security & Data Privacy Liability Insurance is another option for your organization. Companies should determine if their insurance offers reimbursements for ransom payouts.

Conclusion: Knowing is half the battle

Understanding that data security incidents will occur is key for CPAs in shielding themselves from ransomware's worst impacts. Ultimately, "better safe than sorry" is the watchword for firms big and small: identify the gaps in your current plan and be ready to contact experienced security professionals when necessary. If the worst does happen, make sure you have industry-leading coverage for today's emerging data security and privacy exposures.

To learn more about Information Security & Data Privacy Liability Insurance, contact Rob Ferrini, McGowanPRO Program Manager, at rferrini@mcgowanprofessional.com today.