Safeguarding your insolvency practice against cyberattack and ransomware threats: Lessons from the Wannacry attack

IPA Insolvency Practitioner newsletter, August 2023

Contents

• Paul Smith, CEO
• Paul Davis, President
• Director Loan Accounts written-off as part of corporate insolvencies
• Financial sanctions guidance
• Supreme Court ruling means many Litigation Funding Agreements are unenforceable
• The importance of consumer protection in insolvency: Understanding Section 75 of the Consumer Credit Act
• HMRC updates
• Just a week to go to the Scotland Roadshow! (CPD: 4h)
• Spotlight on Anti-Money Laundering and Fraud (CPD: 5h)
• IPA Learning | Pension Claims in Insolvency – Are You Getting it Right? (CPD: 2h)
• New speakers announced for the 15th Personal Insolvency Conference (CPD: 6h)
• Do you know someone in the profession who deserves recognition this year?
• Discounted meeting facilities from Office Space in Town (member login required to view)
• Save money on your airport parking with APH! (Member login required to view)
• Need new IT products? Claim exclusive IPA membership offers from Dell
• CPI training with BPP – special offer for IPA members (member login required to view)
• Make savings on essential CPD with exclusive discounts on training from the IPA and our partners
• An opportunity for Registered Property Receivers!
• Committee Chair vacancy
• Case law update
• Clearway: Protecting people, property and assets
• IPA exclusive industry update from Insolvency Insider

As Insolvency Practitioners are responsible for managing sensitive financial data and safeguarding the interests of creditors, clients, and stakeholders, the threat of cyber-attacks, particularly ransomware, remains a significant concern. In light of the infamous Wannacry attack of 2017, which had severe repercussions on organisations in over 150 countries, the insolvency profession must remain vigilant and take proactive measures to protect your insolvency practices against such threats.

Understanding the risks: What is ransomware?

Ransomware is a form of malicious software that encrypts an organisation’s data, rendering it inaccessible until a ransom is paid to the attackers. The consequences of falling victim to ransomware can be dire, leading to data loss, financial losses, operational disruptions, and reputational damage. The Wannacry attack serves as a sobering reminder of the widespread chaos and economic impact such cyber-attacks can have. The damages in the UK were estimated at £3.1billion, the repercussions are still being felt and fresh attacks are happening all the time.

The imperative of access control measures

One of the most effective ways to protect your insolvency practice against ransomware attacks is through implementing robust access control measures. Access control entails the process of managing and restricting access to critical systems, data and applications within an organisation. By adhering to best practices in access control, we can significantly reduce the risk of unauthorised access and potential data breaches. Full tailored guidance by size of organisation can be found on the National Cyber Security Centre website. A summary of the key steps is listed below.  

Key steps to strengthen access control and defend against ransomware:

1. Multi-Factor Authentication (MFA): Enable MFA for all accounts and applications used in your insolvency practice. MFA adds an extra layer of security, requiring users to provide multiple forms of verification before gaining access.
2. Password security: Ensure the use of strong passwords and encourage regular password updates. Weak passwords are easy targets for attackers.
3. Principle of least privilege: Apply the principle of “least privilege” to restrict access rights to the minimum level required for each individual or role. Limit access to critical systems and data to authorised personnel only.
4. Data backups and disaster recovery: Regularly back up all critical data and verify its integrity. Establish a robust disaster recovery plan to ensure swift data restoration in case of a ransomware attack.
5. Continuous employee training: Conduct routine cybersecurity awareness training for all staff members. Educate them about the risks of ransomware, phishing and other cyber threats. The Met Police provide useful training which can be arranged through their website.  
6. Prompt software updates: Keep all software, operating systems and applications up-to-date with the latest security patches. Vulnerabilities in outdated software can be exploited by attackers.
7. Network segmentation: Implement network segmentation to isolate critical systems from less sensitive ones. This strategy prevents the lateral movement of ransomware within the network.

Learning from history to protect our profession’s future

The Wannacry attack demonstrated the potential havoc and devastation caused by ransomware. As IPs, it is important to take proactive steps to protect your practices against cyber threats. By implementing control measures, you can strengthen your collective defence and protect any sensitive financial data.

In conclusion, IPs need to ensure that they have reviewed and tested the security of their insolvency practice and make sure that they have adopted robust control measures. It is important to stay vigilant, stay secure and make sure that all attacks are reported to Action Fraud and the ICO. Prevention is always better than trying to fix an attack. The average downtime to ransomware is advised as 7-12 days and the average data recovery is around 65%. The financial impact is likely to be considerable. The official recommendations are not to pay a ransom as there is no guarantee that this will fix the problem, and your firm is more likely to be a future target.