No doubt you are aware that cyberattacks are on the rise and have been for some time. All you have to do is look at headlines to hear of another company or organization compromised by hackers or ransomware.
No company is immune to a cyber-attack. Small businesses are especially targeted because they commonly lack the support needed to protect against these attacks. In a study by Cisco, over half of small companies interviewed reported that cyber-attack costs were around $500,000. When asked how long they could remain profitable if they lost access to critical data, over half said they would be unprofitable within a month.
In 2018, 58% of all cybercrime victims were small businesses, according to Verizon’s report, and only 14% of those were adequately prepared to defend themselves.
SMBs (small and medium-sized business) tend to fall short in many areas that leave them vulnerable to attack. Although large enterprises may present themselves as more lucrative prey, SMBs are an attractive target due to their lack of resources to defend against such attacks. Areas of weakness include failing to have a cyber safety strategy, failing to have an individual responsible for cybersecurity, failing to properly train employees on ways to help avoid or mitigate an attack, and failing to maintain proper insurance against cyber risks, particularly a policy dedicated to cyberattacks.
The US-CERT (United States Computer Emergency Readiness Team) issued a joint warning from the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) to the healthcare industry regarding an elevated risk of ransomware attacks. Especially now, ensuring that our hospitals and doctors’ offices are secure is even more critical.
Ransomware is the most prevalent of attacks against SMB’s. As its name suggests, ransomware is marked by an attacker stealing and/or encrypting data files and demanding a ransom of some sort to restore them.
Imagine trying to log into your business computer only to find that your files have been taken hostage. You must either pay up or lose your data forever. This is how ransomware works.
Ransomware is typically activated when someone clicks a phishing email link, downloads an email attachment, or browses a malicious website. Once activated, it will take over the computer where these actions were performed and then looks to take over the entire network. Ransomware is looking to make the most damage possible to help put urgency around being paid in the shortest amount of time.
Once ransomware is planted, your computer will usually show a message from the hackers. It’ll demand payment to restore access to your files or unlock your computer. It might also threaten to publish sensitive data if you don’t pay up.
Cost of Ransomware:
The potential costs of ransomware go well beyond the price of the ransom.
Most businesses that are attacked experience significant downtime, resulting in lost revenue. You may also lose customers and potential new business.
What can be done?
First, assess how your IT infrastructure is being managed. Do you have an employee on staff handling IT matters that have other job responsibilities? Are they the best suited to do this job? Do they have the time to handle their job responsibilities while still effectively overseeing IT? Do you have an internal IT staff member dedicated to managing your businesses IT? What checks and evaluations are in place to assist in mitigating risk? Maybe you outsource your IT support. When was the last time they reviewed the health of your network with you? What is their disaster recovery plan? Have you seen it? If you have a breach, how long until you are back up and running? A few hours? One day? Several days?
Whether you have answers to some or none of these questions, they will give you a better sense of your preparedness in the event your systems are attacked.
There are many tools on the market claiming to protect you and your business but having the right tools in place is only part of the solution. Security tools alone will not protect you. Without a systematic process around reviewing your network regularly, you’re leaving your network vulnerable. Even if you have the best tools in place, are they implemented based on predefined best practices? Is there any device where your tools aren’t installed? Did an employee bring an unapproved device into work that may be infected? When was the last time your firewall was reviewed to see if there are any unnecessary open ports? Ensuring your network is reviewed regularly will guarantee that these items are never left to speculation.
Patch and update your devices. It’s easy to fall behind on patches and updates. Still, this lapse in security awareness can prove to be disastrous if not corrected. Ensure your servers, PCs, and network devices are patched and up to date.
Email is the number one attack vector when it comes to getting infected systems with ransomware. Often attackers will use well-crafted emails disguising their malware as an invoice, word document, or “encrypted” message.
The victim will click on the attached document or link within the email, which usually prompts them to continue to another site. This link performs a drive-by download and begins the spread of ransomware.
Having a proper anti-spam filtering system in place is critical for mitigating these sorts of risks. Anti-spam solutions have gotten very good at detecting fraudulent and infected emails and quarantining them to ensure they never reach the targeted users’ mailbox.
Above everything else – you must train your employees. Security awareness training is one of the most cost-effective ways to reduce your chance of suffering a ransomware attack. You can often prevent an attack by training your users to avoid phishing and ransomware before it even happens. From an Information Security standpoint, it is far better never to download a malicious file than to hope that an antivirus program catches it.
With 95% of cybersecurity breaches being caused by human error, according to IBM Cyber Security Intelligence Index, employees’ ongoing training is very effective for reducing cybersecurity incidences. Beginning with the apparent, cybersecurity training makes your business more secure. Making your team aware of the many threats that exist, from data breaches to ransomware, will keep them from making simple mistakes that could threaten your organization’s safety.
Suppose your business falls victim to a ransomware attack, although organizations like the FBI do not support victims paying the ransom, as an executive you will need to evaluate all options to protect your shareholders, employees, and customers when faced with inoperability issues. There is, however, no guarantee the decryption keys will be provided after the ransom is paid, and there have been cases where businesses were extorted for additional money after payment.
Ideally, if you’re prepared, you’ll have backups of your systems and data and can restore things to “normal”. Take the time to learn as much as you can about how your system was compromised and how you can protect your SMB in the future.