Tax practitioners – as well as businesses, payroll departments, human resource organizations and taxpayers – should talk to an IT security expert and consider these steps to help prepare for and protect against ransomware attacks:
- Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
- For digital devices, ensure that security patches are installed on operating systems, software and firmware. This step may be made easier through a centralized patch management system.
- Ensure that antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
- Manage the use of privileged accounts — no users should be assigned administrative access unless necessary, and only use administrator accounts when needed.
- Configure computer access controls, including file, directory and network share permissions, appropriately. If users require read-only information, do not provide them with write-access to those files or directories.
- Disable macro scripts from office files transmitted over e-mail.
- Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers, compression/decompression programs.
- Back up data regularly and verify the integrity of those backups.
- Secure backup data. Make sure the backup device isn’t constantly connected to the computers and networks they are backing up. This will ensure the backup data remains unaffected by ransomware attempts.
Victims should immediately report any ransomware attempt or attack to the FBI at the Internet Crime Complaint Center, www.IC3.gov. Tax practitioners who fall victim to a ransomware attack also should contact their local IRS stakeholder liaison.
No comments:
Post a Comment