Top U.S. Banking Regulator Warns of Increased Ransomware Attacks – How to Protect Yourself

A top U.S. banking regulator recently warned banks and financial institutions to remain vigilant with cybersecurity efforts in light of an uptick in ransomware attacks. As reported by Reuters, “the Office of the Comptroller of the Currency said banks must have in place “robust” systems to identify threats and vulnerabilities in their technology and should back up key systems and records in isolation to guard against hackers looking to disrupt systems for a payout.”

The Office of the Comptroller of Currency (OCC) also warned banks about risks associated with third-party relationships, noting that there has been an increase in bad actors exploiting outside vulnerabilities to carry out “malicious cyber activities.”

As we reported last week, federal agencies, including the FBI, are warning businesses and individuals of increased risks of ransomware attacks. On November 1, 2021, the FBI issued a Private Industry Notification, warning businesses that ransomware actors are using significant financial events, such as mergers and acquisitions (“M&A”), to target victims for ransomware infections. And on November 22, 2021, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the FBI issued an advisory, reminding people to be on alert for ransomware attacks and other cybersecurity attacks during the holiday season.

To help protect against ransomware attacks and decrease the severity of their impact, businesses should:

• Run and maintain backups of critical data offline in the cloud or on an external hard drive.
• Secure data backups so that the backup is not accessible for modification or deletion from the system where the original information is housed.
• Install and update anti-virus and anti-malware software.
• Instruct employees to only use secure networks and avoid public Wi-Fi networks.
• Use multi-factor authentication when users log in.
• Require employees to use strong passwords and ensure they are not reused across multiple accounts. 
• Remind employees not to click on suspicious links, and conduct regular tests and trainings to raise awareness. 
• Identify employees who are on call for any IT security issues that arise on weekends or holidays.
• Ensure appropriate cybersecurity insurance coverage.
• Review and regularly update your company’s privacy and cybersecurity policies.

The Financial Services & Restructuring, Corporate, and Litigation Groups at Levenfeld Pearlstein are available to assist with any cybersecurity issues you may have. We would be happy to review your existing privacy, security, or cyberinsurance policies and assist with drafting any necessary updates as well. Please don’t hesitate to reach out.