IPA 2025 membership and licence renewals now open

Safeguarding your insolvency practice against cyberattack and ransomware threats: Lessons from the Wannacry attack

As Insolvency Practitioners are responsible for managing sensitive financial data and safeguarding the interests of creditors, clients, and stakeholders, the threat of cyber-attacks, particularly ransomware, remains a significant concern. In light of the infamous Wannacry attack of 2017, which had severe repercussions on organisations in over 150 countries, the insolvency profession must remain vigilant and take proactive measures to protect your insolvency practices against such threats.

Understanding the risks: What is ransomware?

Ransomware is a form of malicious software that encrypts an organisation’s data, rendering it inaccessible until a ransom is paid to the attackers. The consequences of falling victim to ransomware can be dire, leading to data loss, financial losses, operational disruptions, and reputational damage. The Wannacry attack serves as a sobering reminder of the widespread chaos and economic impact such cyber-attacks can have. The damages in the UK were estimated at £3.1billion, the repercussions are still being felt and fresh attacks are happening all the time.

The imperative of access control measures

One of the most effective ways to protect your insolvency practice against ransomware attacks is through implementing robust access control measures. Access control entails the process of managing and restricting access to critical systems, data and applications within an organisation. By adhering to best practices in access control, we can significantly reduce the risk of unauthorised access and potential data breaches. Full tailored guidance by size of organisation can be found on the National Cyber Security Centre website. A summary of the key steps is listed below.  

Key steps to strengthen access control and defend against ransomware:

  1. Multi-Factor Authentication (MFA): Enable MFA for all accounts and applications used in your insolvency practice. MFA adds an extra layer of security, requiring users to provide multiple forms of verification before gaining access.
  2. Password security: Ensure the use of strong passwords and encourage regular password updates. Weak passwords are easy targets for attackers.
  3. Principle of least privilege: Apply the principle of “least privilege” to restrict access rights to the minimum level required for each individual or role. Limit access to critical systems and data to authorised personnel only.
  4. Data backups and disaster recovery: Regularly back up all critical data and verify its integrity. Establish a robust disaster recovery plan to ensure swift data restoration in case of a ransomware attack.
  5. Continuous employee training: Conduct routine cybersecurity awareness training for all staff members. Educate them about the risks of ransomware, phishing and other cyber threats. The Met Police provide useful training which can be arranged through their website.  
  6. Prompt software updates: Keep all software, operating systems and applications up-to-date with the latest security patches. Vulnerabilities in outdated software can be exploited by attackers.
  7. Network segmentation: Implement network segmentation to isolate critical systems from less sensitive ones. This strategy prevents the lateral movement of ransomware within the network.

Learning from history to protect our profession’s future

The Wannacry attack demonstrated the potential havoc and devastation caused by ransomware. As IPs, it is important to take proactive steps to protect your practices against cyber threats. By implementing control measures, you can strengthen your collective defence and protect any sensitive financial data.

In conclusion, IPs need to ensure that they have reviewed and tested the security of their insolvency practice and make sure that they have adopted robust control measures. It is important to stay vigilant, stay secure and make sure that all attacks are reported to Action Fraud and the ICO. Prevention is always better than trying to fix an attack. The average downtime to ransomware is advised as 7-12 days and the average data recovery is around 65%. The financial impact is likely to be considerable. The official recommendations are not to pay a ransom as there is no guarantee that this will fix the problem, and your firm is more likely to be a future target.