If you run a small, community-oriented business, fraud prevention and cybersecurity may not be at the forefront of your daily concerns. Unfortunately, that mindset may be part of why smaller companies have become increasingly susceptible to cybercrime. In fact, small businesses are now on the receiving end of 82% of ransomware attacks.
In this post, we’ll offer a basic overview of ransomware, as well as why it’s so important for your small business to take measures to protect itself. More importantly, we’ll give our best advice for how to stop ransomware and other cyberattacks before they start, as well as steps you can take to minimize the damage to your company, should you become a victim. Keep reading to learn more.
What is a ransomware attack?
Ransomware is a form of malicious software (‘malware’) that encrypts or otherwise blocks access to a user’s or business’s files and demands a ransom payment to restore access. A ransomware attack usually begins with a phishing email: a cybercriminal uses manipulative or fraudulent means to get you to download a malicious program, which then gives them access to your computer, network, or cloud storage.
Once an attacker has access to your data, they can take it away from you, either by removing it from servers and hard drives or by encrypting it, effectively locking you out of your business’s sensitive information. Common targets include private client details, proprietary information, and financial and accounting records, though sometimes you will simply be locked out of all your digital files.
After you’ve been locked out, you will receive a communication with details on how to pay to regain access to this information. Unfortunately, even if you pay, there’s a good chance you won’t regain access to your files. In fact, 92% of organizations who have been attacked and paid for their information don’t get everything back.
How does ransomware affect a small business?
There are three main ways your business can be affected by ransomware:
- You lose money, paying to regain access to data.
- You lose data, whether or not you pay to regain access.
- Your sensitive data is sold or otherwise shared.
Small businesses are often prime targets for malware because they typically have more money than individuals but less robust security than larger corporations. Even in the best case, if you haven’t taken measures to prevent or recover from an attack, you will either lose your data or pay to get it back: $5,900 on average for small business victims.
However, the impacts of ransomware can be much greater than this:
- Your business could face significant downtime (an average of 22 days), which can result in lost sales, loss of customer confidence, and costs exceeding the ransom payment itself.
- Ransom demands can also be much higher than the average. Depending on the size of your business and the sensitivity of its data, demands in the millions are not unusual, even for businesses with fewer than 500 employees.
- If data is lost forever, it can create major internal and external setbacks for your business as well as tax-season nightmares. And if that data is made public, it can tarnish your business’s reputation, violating your clients’ trust and confidentiality or exposing company secrets.
Ultimately, ransomware could be the biggest threat your small business faces. According to CNET, ransomware shuts down 1 in 5 small businesses—a scary statistic for any small business owner.
What steps can small businesses take to protect themselves?
There are a number of steps you can take to protect your small business from ransomware attacks, including both addressing vulnerabilities and backing up or otherwise securing your company’s data.
Make cybersecurity part of your company culture.
Because most ransomware attacks start with a phishing email, vigilance against phishing is the key to protecting your business. Offering mandatory and regular cybersecurity training for all staff is the first step. This includes:
- Training to detect phishing. Have regular training sessions to teach employees about the latest phishing trends and how to spot phishing attempts in email, texts, phone calls, and social media messaging.
- Training on different types of malware and how they infect systems. While phishing can result in ransomware attacks, this isn’t the only way malware can find its way into your digital workplace. Additionally, ransomware isn’t the only malware that businesses need to watch out for. Training employees on safe web and device usage, and how to recognize different types of malware (including spyware and rootkits) can prevent major financial losses and downtime.
- Engage employees with active security measures. This can include requiring strong, unique passwords that are never reused across accounts and are changed whenever a compromise is suspected, setting up 2FA, regularly updating software and operating systems on all company-owned devices, and limiting access to company files from personal devices.
Not sure where to start? The Cybersecurity and Infrastructure Security Agency (CISA) offers free online training exercises for cybersecurity professionals as well as the general public, to help organizations prepare their workforces for today’s (and tomorrow’s) cybersecurity threats.
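The indicators employees are trained to look for (a display name that borrows a trusted brand, a lookalike sender domain, a Reply-To that points somewhere else, link text that hides a different destination, and pressure language) can also be checked mechanically, which is a handy way to build training examples from real messages. The Python below is an added illustration, not code from the original post or from CISA; the trusted brand, the trusted domain, and both sample messages are constructed for this example.

```python
"""Check a raw email for the phishing indicators staff are trained to spot."""
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Hypothetical values for this example: the brand name employees expect to see
# in a sender's display name, and the domains that brand legitimately mails from.
TRUSTED_BRAND = "example bank"
TRUSTED_DOMAINS = {"example-bank.com"}

# Character substitutions attackers use to build lookalike domains.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

URGENCY = re.compile(
    r"\b(urgent|immediately|within 24 hours|suspended|verify your account)\b", re.I
)


def _domain(addr: str) -> str:
    """Lowercased domain of an address such as 'Name <user@host>' ('' if none)."""
    m = re.search(r"@([\w.-]+)", addr or "")
    return m.group(1).lower() if m else ""


def _fold(domain: str) -> str:
    """Fold confusable characters so 'examp1e-bank.com' compares equal to the real domain."""
    for bad, good in CONFUSABLES.items():
        domain = domain.replace(bad, good)
    return domain


def phishing_indicators(raw_email: str) -> list:
    """Return human-readable indicators found in the message; an empty list means none."""
    msg = message_from_string(raw_email, policy=policy.default)
    findings = []

    from_hdr = str(msg.get("From", ""))
    from_domain = _domain(from_hdr)
    reply_domain = _domain(str(msg.get("Reply-To", "")))
    display_name = from_hdr.split("<")[0].strip().strip('"').lower()

    # 1. Display name borrows a trusted brand, but the address is not from that brand's domain.
    if TRUSTED_BRAND in display_name and from_domain not in TRUSTED_DOMAINS:
        findings.append(f"display name impersonates {TRUSTED_BRAND!r} but sender domain is {from_domain}")

    # 2. Sender domain is a lookalike of a trusted domain (differs only by confusable characters).
    if from_domain not in TRUSTED_DOMAINS and _fold(from_domain) in {_fold(d) for d in TRUSTED_DOMAINS}:
        findings.append(f"lookalike sender domain {from_domain}")

    # 3. Replies are silently redirected to a different domain.
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # 4. Link text shows one domain while the href leads somewhere else.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    for href, shown in re.findall(r'href="([^"]+)"[^>]*>([^<]+)<', text, flags=re.I):
        href_domain = urlparse(href).netloc.lower()
        shown = shown.strip()
        shown_domain = urlparse(shown if "://" in shown else "https://" + shown).netloc.lower()
        if "." in shown_domain and shown_domain != href_domain:
            findings.append(f"link text shows {shown_domain} but points to {href_domain}")

    # 5. Pressure language typical of social engineering.
    if URGENCY.search(text):
        findings.append("urgency or account-suspension language in body")

    return findings


# Constructed sample messages (not real mail).
PHISHING_SAMPLE = """\
From: "Example Bank Support" <alerts@examp1e-bank.com>
Reply-To: recover@mail-recovery-center.net
To: owner@smallbiz.example
Subject: Action required: account suspended
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account has been suspended. Verify your account within 24 hours:</p>
<a href="https://examp1e-bank-login.net/verify">www.example-bank.com</a>
</body></html>
"""

LEGIT_SAMPLE = """\
From: "Example Bank Support" <alerts@example-bank.com>
To: owner@smallbiz.example
Subject: Your March statement is ready
Content-Type: text/plain; charset="utf-8"

Your monthly statement is available in online banking.
"""

if __name__ == "__main__":
    for line in phishing_indicators(PHISHING_SAMPLE):
        print("-", line)
```

Every string returned for the phishing sample is one thing a trained employee should have noticed; the legitimate sample returns nothing. The lookalike check is deliberately simple (a fixed table of character swaps); production mail filtering also relies on SPF, DKIM and DMARC results, which this exercise does not attempt.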
Keep your software and devices updated.
As we mentioned above, it’s important to keep your devices updated, but it bears repeating. From operating systems to individual apps and programs, it’s essential to update your systems regularly. Hackers are constantly finding new vulnerabilities to exploit and programmers are constantly responding with updates and patches to address them—but if you aren’t updating your devices, you’re leaving them at risk.
Many operating systems have built-in virus and cybersecurity protections, which is all the more reason to keep them up to date. However, adding a dedicated antivirus or endpoint protection product creates overlapping protection: if one program misses something, the other may catch it.
Lastly, don’t forget to update your devices, too. Outdated tech that can no longer support software updates or run the latest antivirus software should be replaced, especially if it is connected to the internet in any way.
Perform regular backups.
During a ransomware attack, cybercriminals prevent you from accessing your data, using it as leverage to extort your company for money. Backing up your data properly can ensure that you retain access to it, in some form, no matter what. While this won’t prevent cybercriminals from selling your data or using it for other nefarious purposes, it can diminish the impact of a ransomware attack, reduce downtime, and possibly help you avoid paying those exorbitant ransoms altogether.
However, to truly protect your data from ransomware you need to keep at least one copy offsite or offline, on a device that is not connected to your network or the internet, so that an attacker who has compromised your network cannot encrypt or delete the backup along with everything else. This can be tedious, and it may not make sense to do so every day, but even a weekly offline backup can be useful. As IBM recommends, “Schedule your backups in accordance with the amount of work that it is acceptable to lose.”
Alternatively, consider a cloud-based backup service. Many such services encrypt stored data and retain earlier versions of files, which makes it harder for an attacker to destroy your only good copy. But the cloud is not invincible: an attacker who has stolen the credentials you use for the backup account can often encrypt or delete that data too, so protect the account with a strong, unique password and 2FA and keep it separate from everyday logins. This is why using a constellation of protections, from strong passwords and 2FA to security training to avoid phishing scams, is the best way to prevent malware attacks.
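One practical way to turn the IBM advice into a check you can actually run, offered here as an added example (not code from the original post or from IBM): record a SHA-256 hash of every file when the backup is taken, compare later copies against that manifest, and treat the backup as stale once it is older than the amount of work you can afford to lose. The share layout, file contents, and simulated ransomware changes below are constructed for the example.

```python
"""Hash-manifest verification for a backup set, plus a staleness check.

Added example: a SHA-256 manifest taken when the backup is made lets you prove
later that the copy is intact, and shows exactly which files ransomware touched
on the live share so you know what to restore.
"""
import hashlib
import json
import os
import tempfile
import time
from pathlib import Path
from typing import Optional


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each file under root (POSIX-style relative path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def build_manifest(root: Path, taken_at: Optional[float] = None) -> dict:
    """Record every file hash together with when the backup was taken."""
    return {"taken_at": time.time() if taken_at is None else taken_at, "files": snapshot(root)}


def verify_against_manifest(root: Path, manifest: dict) -> dict:
    """Report files whose hash changed, files that vanished, and files that appeared."""
    current, expected = snapshot(root), manifest["files"]
    return {
        "modified": sorted(k for k in expected if k in current and current[k] != expected[k]),
        "missing": sorted(k for k in expected if k not in current),
        "unexpected": sorted(k for k in current if k not in expected),
    }


def is_stale(manifest: dict, max_loss_hours: float, now: Optional[float] = None) -> bool:
    """True when the newest backup is older than the work you are willing to lose."""
    now = time.time() if now is None else now
    return now - manifest["taken_at"] > max_loss_hours * 3600


def demo() -> dict:
    """Take a manifest of a constructed share, simulate ransomware, and verify."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp) / "share"
        (share / "accounts").mkdir(parents=True)
        (share / "accounts" / "ledger.csv").write_text("date,amount\n2024-01-01,100\n")
        (share / "clients.txt").write_text("Acme Co\n")

        # In practice the manifest travels with the offline copy; here it just round-trips via disk.
        manifest_path = Path(tmp) / "manifest.json"
        manifest_path.write_text(json.dumps(build_manifest(share)))

        # Simulated ransomware: rewrite contents, rename with a new extension, drop a ransom note.
        (share / "clients.txt").write_bytes(os.urandom(32))
        (share / "accounts" / "ledger.csv").rename(share / "accounts" / "ledger.csv.locked")
        (share / "README_RESTORE.txt").write_text("pay us\n")

        return verify_against_manifest(share, json.loads(manifest_path.read_text()))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run verify_against_manifest against the offline copy before you restore from it: if it reports nothing modified or missing, the copy is intact. Run it against the live share after an incident and it lists exactly what was encrypted, renamed, or dropped. Keep the manifest with the offline copy, since a manifest left on the compromised network can be tampered with too.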
Consider cyber insurance.
While cyber insurance won’t prevent an attack, it can undercut its impact, allowing your business to better navigate the aftermath and get back on its feet more quickly. Cyber insurance can cover the following costs:
- Breach response, including legal fees, public relations, ongoing credit monitoring, and data forensics
- Unauthorized electronic funds transfers, reimbursing your business for money lost to fraudulent payments
- Data recovery, whether it’s paying the ransom or recovering data from backups
For more information about how cyber insurance can help protect your small business, check out our post, Cyber Insurance – Does Your Business Have Enough?
Create an incident response plan.
Even with the best precautions, you could still face a ransomware attack. To reduce downtime and recovery time, and to be sure your company is prepared to make sound decisions under pressure, have a robust incident response plan in place. Your response plan should include:
- Initial response: Working with all of your employees, develop a clear process for responding to a ransomware attack, including who to notify, disconnecting infected devices from the network, and contacting law enforcement and any other necessary parties (such as your cyber insurance company).
- Recovery: Have a plan in place for restoring affected systems and data from your backups.
- Analysis: Take the time to study how the event took place—where the ransomware came from, what vulnerabilities were taken advantage of, and what could have been done to prevent it. Use this information to update your security measures, as well as your incident response plan.
In order to help businesses protect themselves from cyberattacks, CISA also offers free Incident Response Training in the form of webinars and extensive online courses.
Keep Your Accounts Safe with American National Bank & Trust
Keeping your business’s assets safe from cybercrime is one of our top priorities, from digital banking solutions with customizable user permissions to Treasury Management Services with robust fraud prevention features like positive pay and multi-factor authentication. Contact us today to see how we can best serve your small business.