If you have been watching or listening to the news, you may be aware of a ransomware attack known as WannaCry, WCry, or Wanna Decryptor that has affected many businesses in over one hundred countries. The ransomware encrypts the files on an infected computer system, locking them so they cannot be accessed until you pay the ransom.
How do you protect against the WannaCry ransomware? All Microsoft Windows users should verify that their operating systems have been updated and all current security patches have been installed. Also, Broker-Dealers and Investment Management Firms can review the alert published by the United States Department of Homeland Security's Computer Emergency Readiness Team: US-CERT Alert TA17-132.
The Office of Compliance Inspections and Examinations (OCIE) has identified multiple security practices, procedures and controls that all firms can use to guard against ransomware. The following are some of the security practices, procedures, and controls they identified:
Cyber-risk Assessment: Firms should periodically conduct risk assessments of critical systems to identify cybersecurity threats, vulnerabilities, and the potential business consequences.
Penetration Tests: Firms should periodically conduct penetration tests and vulnerability scans on systems that the firms consider to be most critical.
System Maintenance: Firms should verify regular system maintenance is being completed and ensure that critical software patches that address security vulnerabilities are being installed.
The above are a few key security practices that, as part of an effective cybersecurity program, each firm needs to verify it is conducting and including in its cybersecurity policies and procedures. Please contact Red Oak Compliance Solutions if you would like help in drafting cybersecurity policies and procedures.