Don’t Wannacry – Read this
May 15, 2017
It’s out there. You’ve read about it in the news. Maybe someone in your network of contacts has been directly affected. The WannaCry ransomware program began hitting computers worldwide on May 12.
Ransomware is malicious software designed to block access to a computer system, often until the owners or users of the computer system pay a sum of money, or “ransom,” to get access to it again.
WannaCry is being spread via phishing emails, and to computers running Microsoft operating systems that have not installed a recently released critical security patch from Microsoft. Be wary of any emails that ask you to click on links or provide personal information (passwords, banking information, etc.). Phishing emails often have spelling or grammar mistakes, and they contain links that may at first glance look legitimate, but if you look closely enough, you’ll see they’re not. Rest or hover your mouse over the link, but don’t click on it, and you’ll see the “real link.”
For example, the link in the email may read: www.facebook.com/User_Update_Info, but if you hover over it, it’ll be something quite different, for example: http://182.232.205.com/script-user/info.jsp
Phishing emails often contain threats that if you don’t click on a provided link and provide information, your account will be shut down.
It is essential for brokerages to take steps to protect not only the private and confidential information of their clients, but also the brokerage’s own confidential information.
In the case of data loss, brokerages should have a disaster recovery plan (DRP) in place. A DRP should:
- document the processes, policies, and procedures for the recovery and continuation of technology infrastructure that is critical to your business
- include a communication plan to reach your stakeholders
- be regularly tested to make sure there are no issues recovering data and getting your system back up and running within a reasonable time frame
Brokerages should also protect their data by backing it up. This may be as simple as backing up to a disc or a separate hard drive and storing the back-up at a secure offsite location. Back-ups can also be transmitted over the internet to an offsite disk or cloud service.
If you’re hit by ransomware, having your data backed up means you’ll still be able to access it, though you may need to deal with the repercussions of a privacy breach in the event confidential client information has been stolen or otherwise accessed.
Take the time to ensure your brokerage has appropriate security and recovery methods in place to protect important data, and have a plan in place in case of data loss or theft. In the case of a breach, review and follow the protocol outlined by the Office of the Information and Privacy Commissioner of Alberta (OIPC) in their Advisory for Ransomware.
For more information, please see the following resources:
- RECABlog – Planning for an IT Crisis
- Information Bulletin – Protection of Client Information
- Office of the Information and Privacy Commissioner of Alberta – Advisory for Ransomware
If you have specific questions about appropriate measures to protect and safeguard brokerage and client information, please email info@reca.ca.