The IRS is continuing to warn tax advisers to take protective action against ransomware. This week the IRS published specific steps to avoid becoming victimized by ransomware.
In a ransomware attack, cybercriminals will download malware on your computer. The malware encrypts your files. Because you lose access to all of your files, you are directed to make an electric electronic payment. If you make the payment, the cybercriminal may give you a key to unlock your files.
In May 2017 there was a worldwide ransomware attack with the name "WannaCry." The malware attacked older versions of Windows software. In one day, the malware locked files on an estimated 230,000 computers worldwide.
IRS Commissioner John Koskinen stated, "Tax professionals face an array of security issues that could threaten their clients and their business. We urge people to take the time to understand these threats and take the steps to protect themselves. Do not just assume your computers and systems are safe."
The IRS published several specific strategies for tax advisers.
- Education -- Ensure that all of your employees are made aware of the risks of ransomware. They should understand how critical their role is in protecting your data.
- Antivirus software -- All of the organization computers should have appropriate software to protect against a virus or malware. The software should be updated each day over the Internet.
- Write Access -- Limit the ability to write files to hard drives to those staff who need to save data. Some files may be used by staff with "read-only" permission.
- Backups -- Make daily backups of all of your files.
- Backup Connection -- Your backup system should not be continuously connected. If it is, the cybercriminal may infect both your computer and the backup system.