Ransomware is a multi-million-dollar crime operation that is striking organizations of all sizes. Among the findings of the Second Annual State of Ransomware Report is that 22 percent of small businesses that were hit with ransomware attacks had to cease operations immediately.
Ransomware is such a profitable scheme that experts say traditional cyber-thieves are abandoning the old ways of making money—stealing credit card numbers and bank account credentials—in favor of ransomware. Unfortunately, the crime wave is only expected to grow, according to a Rochester First news article.
How does ransomware work?
Ransomware works by locking down the files required to run your business with unbreakable encryption… and only the bad guys hold the key. Even if you pay the ransom, there is no guarantee that you will get your files back.
| What does an attack look like? | Hackers are looking for financial credentials or to steal large quantities of private data to sell or make openly accessible. | Data is held hostage or even deleted until you pay the ransom. |
| How do they get in? | Hacking into databases and internal systems via rootkits, keyloggers, trojans, and botnet attacks. | Using advanced social engineering, including sophisticated emails, website advertisements, or social media messages with malicious files or links. |
| Which data do they steal? | Information that can be bought and sold (bank account info, credit card numbers, social security numbers, design plans, intellectual property). | Information of value to your business that you will pay to get back, such as documents, research, budgets, invoices, payroll and tax data, and employee files. |
Can your business afford a ransomware attack?
To help determine the impacts of ransomware on your business, ask the following questions:
- Can I afford to pay hundreds or even thousands of dollars in ransom?
- Will my business be able to continue to operate if important files like invoices, budgets and accounting, payroll, customer data, employee data, or research data become locked?
- What would three days of downtime cost?
- How would an attack affect my customers? The reputation of my business?
How do I protect my small business from ransomware?
To help reduce the risk that your business becomes a victim of this trend, there are several strategies you can use, including having a solid data backup plan, creating policies on reporting and handling ransomware (and training employees on how to use them), keeping software up-to-date, and investing in a multi-level antivirus protection program.
The following table can assist you in developing sound prevention strategies.
| Back up files to an external drive or secure cloud | Back up to an external hard drive | Back up in two formats and keep a copy offsite | Use bare metal backup and/or file and folder backup stored in the cloud |
| Create policies and educate staff | Boost employee awareness | Train staff members and create internal policies for reporting and handling ransomware | Create internal policies, train staff members, and conduct testing exercises to gauge effectiveness for reporting and handling of ransomware |
| Update all software to latest version | Keep computer operating systems (OS) up-to-date | Keep OS and applications up-to-date | Keep OS and applications up-to-date; remove 'free' toolbars and adware applications |
| Use multi-level antivirus protection | Use free basic antivirus software | Use antivirus and anti-spam software | Use antivirus with anti-spam and web link scanning software |
According to a recent survey report of more than 1,000 small and medium businesses conducted in 2017 by Osterman Research, small businesses lost over $100,000 per ransomware attack on average due to downtime. Can your small business afford not to take action?