top of page

The Berman Buzz

Tax Tip Tuesday: Guarding Your Data and Defending Against the Digital Threat of Ransomware

Updated: Mar 25

Hard disk file locked by chain and padlock with laptop computer monitor show red binary ransomware attacking, dollar banknote and key on the table. .Cyber attack and internet data security concept.

Ransomware, which typically breaches systems through deceptive phishing emails, continues to pose a significant threat to individuals and businesses. This malicious software meticulously targets files, including crucial tax-related documents, and encrypts or corrupts them beyond usability. Subsequently, victims receive a ransom note demanding payment in exchange for the decryption key. These demands often come with threats of file deletion or public exposure if the ransom remains unpaid. Even when the victim pays the ransom, there is no guarantee the attacker will unencrypt the files.


While achieving absolute immunity against ransomware remains challenging, proactive measures can effectively mitigate its impact and reduce the likelihood of occurrence.


Ransomware Awareness and Education

Employees continue to be the most vulnerable aspect and weakest link of network security, often serving as the quickest gateway for intruders to operate in the background and strike when least expected. If ransomware attackers gain access to sensitive information or financial data, it could lead to identity theft, fraud, or other privacy breaches. Therefore, educating and training your employees on recognizing phishing emails, malicious websites, and suspicious attachments is crucial. Additionally, encouraging prompt reporting of suspicious activity and fostering a habit of 'think before you click' is essential.


Implementing the following technical controls will help reduce the likelihood of an infection.


1. Multi-Factor Authentication

Implementing multi-factor authentication (MFA) for internal network security and hosted applications is the best safeguard against ransomware attacks. While some MFA methods prove more effective than others, such as authentication apps versus text/SMS, it is imperative to integrate MFA across your infrastructure at every access point of your network. These include VPNs, firewalls, remote desktops, AWS and Azure sites, and Office 365. 


2. Software Updates and Patching

Establishing defined patching processes for operating systems, applications, software, and hardware devices within your organization is critical when addressing vulnerabilities and possible system breaches. For example, software updates consistently integrate security patches to mitigate known weaknesses, making it more difficult for malware infiltration. Automating processes across the entire enterprise architecture and monitoring execution for efficacy can bolster your security success.


3. Anti-Virus and Anti-Malware Protection

Implementing enterprise-grade, anti-virus, and anti-malware solutions will help detect and preemptively block ransomware before it compromises and infects devices. Automating this process across the entire enterprise architecture and diligently monitoring its effectiveness is crucial to your security success.


4. Backup Configuration

Developing a Business Continuity and Disaster Recovery Plan is imperative for establishing maximum Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). If this seems daunting or overwhelming, you can:  

  1. Perform a more fundamental analysis to identify critical, day-to-day business applications.

  2. Determine how long the business could sustain operations before data restoration.

  3. Collaborate with your IT team to design a backup configuration, including multiple backup schemes aligned with the 3-2-1 principle, which encompasses maintaining three up-to-date copies, utilizing two different types of storage media, and securing one off-site copy. Configurations can include off-site backups, on-site backups, air-gapped backups, full-disaster recovery restore tests, and application-level file recoverability tests. 


By adhering to these measures, businesses can enhance their resilience against potential disruptions and mitigate the impact of ransomware infections or other disasters.

5. Network Segmentation

Segmenting your network into smaller, isolated segments is an effective strategy for limiting ransomware. By adopting this approach, attackers encounter barriers that hinder movement throughout the entire network, thereby mitigating the risk of encrypting all your data.


6. Restrict and Review Administrative Privileges

Limiting administrative privileges to a select few authorized personnel will reduce the attack surface, as hackers typically want to elevate privileges once gaining access to the network. Regularly reviewing access permissions, at least every month, is crucial to maintaining a secure environment.


7. SIEM & Administrative Access Monitoring

Security Incident and Event Monitoring (SIEM) solutions now leverage machine learning capabilities to enhance their effectiveness and decrease the potential for false positives. Configuring an SIEM to generate IT and Operations Management alerts can expedite breach identification.


Here to Help

While ransomware poses a significant threat to individuals and businesses, it is manageable when the right strategies are in place. If you have questions about your unique situation or need strategic financial advice, we are here to help you navigate the complexities of tax season and ensure your financial well-being. We build value-added relationships with each client to understand their business structure to provide solid solutions, and our approach offers direct access to the firm's decision-makers. Our innovative cross-functional services help businesses address the challenges ahead. Contact us to let us know how we can best support you.



bottom of page