In recent months, cyber attacks, especially ransomware attacks, on large companies have had far-reaching, crippling effects that rippled through the economy. Over the past six months, a major U.S. pipeline and meat processing facilities have been hit, alongside countless smaller attacks by cyber criminals.
Do you think you’re safe because you’re a small business? Think again. Fifty to 70% of ransomware attacks target small and medium-size companies, according to Secretary of Homeland Security Alejandro Mayorkas. Recent changes in business practices, especially employees working remotely from home, have left small companies even more vulnerable. Cyber crimes cost $2.7 billion in 2020, according to the FBI’s Internet Crime Report.
In ransomware attacks, criminals use malware — some type of malicious software — to take over and encrypt a victim’s files and data. They effectively hold the data hostage until the victim pays a ransom to release it. The surge in remote work during the pandemic has been a golden opportunity for hackers; they took advantage of out-of-date VPNs (virtual private networks) and unsecured home networks.
A ransomware attack on a small business can be more crippling than one on a larger company. An estimated 60% of small businesses fail within six months of an attack, according to the National Cyber Security Alliance. For companies that recover, repeat ransomware attacks are increasingly common.
Small businesses are attractive targets because they typically lack the budget and resources to prevent, identify, respond to, and recover from ransomware.
If your business is the victim of a cyber attack, you’re almost guaranteed to lose some of your data and information. Ninety-two percent of ransomware victims who comply with hackers’ demands do not get all their data back, according to security firm Sophos.
Most experts recommend not paying any ransom, as payment encourages further attacks. The best strategy is to have a good defense and work to prevent attacks in advance.
Given the emotional fog during an attack, most companies need to think through their ransomware strategies in advance and know when they would and would not pay. Companies also need to know what their insurance covers. Perhaps more importantly, plan: figure out your vulnerabilities and how to defend your business. Put together a crisis management team and an IT leadership group, review your insurance policy for cyberattack coverage, and talk with your insurers about it.
Start by learning about common cyber threats, understanding where your business is vulnerable and taking steps to improve your cybersecurity.
Ransomware is usually delivered through phishing emails and through exploits of unpatched software vulnerabilities. Phishing is a type of cyber attack that uses email or a malicious website to infect your computer with malware or collect your sensitive information. The phishing emails look as if they have been sent from a legitimate organization or person. They entice the recipient to click on a link or open an attachment that contains malicious code; once the code is run, your computer may become infected with malware.
There’s no substitute for dedicated IT support — whether it’s an employee or a consultant. However, businesses of more limited means can still take measures to protect themselves.
You can get some free help. The Federal Communications Commission offers a cyber security planning tool. The Department of Homeland Security offers assessment services and also scanning services to help uncover weaknesses in Internet systems.
Secure your networks. A VPN connection establishes a secure connection between you and the Internet. All data traffic is routed through an encrypted virtual tunnel. It disguises your IP (Internet Protocol) address when you use the Internet, making your location invisible to everyone. A VPN connection is also secure against external attacks.
Here are some other things you can do:
— Train employees
— Use antivirus software and keep it updated
— Use strong passwords and multifactor authentication
— Secure payment processing
The Small Business Administration and the National Cybersecurity Alliance, a public-private partnership, provide virtual and in-person cybersecurity events to help small business owners stay secure.
Another increasingly common type of financial fraud scheme is the ‘deep fake.’ Criminals use fake video calls and phone calls to impersonate an executive and trick employees into making financial transactions. They use technology that makes it seem like you are talking via video or audio to the actual person when in fact the criminal is behind it.
Don’t count on law enforcement being able to recover ransomware payments. Almost all payments are made in Bitcoin, although that is changing. Experts caution against placing too much faith in the ability of federal authorities to track the funds.