Ransomware: The Exploding Threat To Small Business
from The Link Issue 39
by The AHLC
By Paul Albee, managing partner, ATS Design Group, Syracuse, New York
When a cyber threat grows by more than 135% in just one year and continues to grow unabated, every business owner — and especially every small business owner — needs to sit up and pay attention.
Ransomware attacks have been more and more in the news in 2021 and for good reason. When it comes to ransomware, cybercriminals are indiscriminate. They don’t care how big you are or how small.
How do ransomware infections occur?
The most common source of ransomware infection is email spam and phishing. Never click on anything in an unexpected email, regardless of how legitimate it may appear. Unexpected emails purporting to be from legitimate sources such as “Quickbooks Support” or “Wells Fargo Customer Service” should always be treated as suspect. When it comes to cyber safety, be extra careful and protect yourself. One of the best rules of thumb is to never click on a link in an email, but instead call the company, determine if the subject of the email is legitimate, and handle any issue over the phone.
Virtually 100% of computer virus and malware infections can be attributed to human error — poor user practices, lack of cybersecurity training, weak passwords, and just plain clickbait.
As ransomware attacks continue to multiply, there are several practical steps small business owners can take to help reduce their risk of becoming a victim of such an attack, which could virtually destroy their business.
Cyber Insurance
Talk with your insurance agent and buy cyber insurance with enough coverage to meet your needs and more. The costs of a ransomware attack can be extremely high. While cyber insurance won’t prevent an attack, it can help you protect yourself from devastating business losses even if you don’t pay the ransom.
Beyond the financial security that cyber insurance provides, your insurance company will be there as your first point of contact in the event of a cyberattack and will be able to put you in touch with experts who can help you recover from the attack. Review your business liability insurance with your insurance agent, particularly as it relates to data breaches of sensitive customer and employee information.
Daily Off-Site Backups
Daily on-site backups of your data are nice and are certainly better than no backup at all. But on-site backups can become encrypted by ransomware and rendered totally useless.
Off-site backups are far better and many backup software manufacturers include a “crypto-guard” feature that protects the integrity of your off-site backups from being inadvertently overwritten by corrupted data.
Monitor your backups. Never assume that your backups are actually being made. Check each day to make sure your backup from the previous night was completed successfully, and that it was a good backup with no critical errors. Most backup software provides automatic email notification when a backup finishes. Make sure you review it each day. Your business’s future and well-being depend upon it.
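The daily check described above can be automated so that a missing or failed backup is flagged each morning. The following is an added example, not taken from the article or from any backup product: the report format, field names, and sample lines are constructed, and a real product's notifications would need their own parser.

```python
from datetime import datetime, timedelta

# Constructed sample reports in a hypothetical "key=value" layout; every real
# backup product has its own notification format.
SAMPLE_REPORTS = [
    "2021-06-13T23:40 job=nightly status=SUCCESS critical_errors=0 bytes=48211099",
    "2021-06-14T23:42 job=nightly status=SUCCESS critical_errors=2 bytes=48300512",
]

def parse_report(line):
    """Split one report line into its finish time and a dict of its fields."""
    stamp, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M"), fields

def review_last_night(report_lines, now, max_age_hours=24):
    """Return the problems found with the most recent backup (empty list = good)."""
    reports = sorted((parse_report(l) for l in report_lines if l.strip()),
                     key=lambda report: report[0])
    if not reports:
        return ["no backup reports received at all"]
    finished, fields = reports[-1]
    problems = []
    # A report older than a day means last night's backup never reported in.
    if now - finished > timedelta(hours=max_age_hours):
        problems.append(f"last report is from {finished:%Y-%m-%d %H:%M}; "
                        "last night's backup is missing")
    if fields.get("status") != "SUCCESS":
        problems.append(f"backup status is {fields.get('status', 'unknown')}")
    # Missing fields are treated as failures rather than silently accepted.
    errors = fields.get("critical_errors", "unknown")
    if errors != "0":
        problems.append(f"critical errors: {errors}")
    if fields.get("bytes", "0") == "0":
        problems.append("backup contains no data")
    return problems

if __name__ == "__main__":
    morning = datetime(2021, 6, 15, 8, 0)
    for line in review_last_night(SAMPLE_REPORTS, morning) or ["backup OK"]:
        print(line)
```
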
Remote Access to Your Network
Working remotely from home can be extremely convenient for a salon owner, and there are a host of software applications that allow you to do just that. But in the process of setting up remote access to your office network, you can inadvertently expose it to hackers. Be sure you have a qualified IT specialist scan your network and make sure it is secure from any external vulnerabilities.
Similarly, under no circumstances should you allow employees or customers to connect to your salon’s WiFi network with their smartphones. These are notorious vectors for office network infections.
Network Firewall Protection
It can be helpful to understand how many email-based infections actually happen. When you click on a link in an email, your web browser sends a signal to the remote host to which the link in the email points. Normal network routers such as those provided by cable companies or other consumer or home office routers allow such outbound traffic to pass without challenge. A proactive network firewall will inspect this traffic, look where it is going, and if the remote target is a known spam, phishing, or ransomware source, it will prevent the traffic from going through. The download request from your browser is therefore stopped before the virus “payload” can be delivered, thereby keeping your computer and office network safe. There are a number of firewall appliances available that are ideal for small businesses, including those manufactured by Fortigate and SonicWall, among others. Talk with your office network IT specialist.
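The destination check described above, reduced to its core, looks like this. This is an added illustration, not code from the article or from any firewall vendor: the blocklist and the sample links are constructed using reserved example domains, and a real appliance draws its list from a vendor-maintained feed.

```python
from urllib.parse import urlsplit

# Constructed blocklist (reserved example domains only).
KNOWN_BAD = {"phish-login.example", "payload-host.test"}

# Constructed sample links of the kind found in an email.
SAMPLE_LINKS = [
    "https://www.wellsfargo.com/",                        # the real site
    "http://wellsfargo.com@phish-login.example/verify",   # real name is only a decoy
    "https://cdn.payload-host.test:8443/update.exe",      # subdomain of a listed host
    "https://notphish-login.example/",                    # similar name, not listed
]

def destination_host(url):
    """Return the host the browser would actually contact for this link."""
    # urlsplit discards any "user@" decoy and the port, and lowercases the host.
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")

def is_blocked(url, blocklist=KNOWN_BAD):
    """True if the link's host, or any parent domain of it, is on the blocklist."""
    host = destination_host(url)
    if not host:
        return True  # no recognizable destination: refuse rather than guess
    labels = host.split(".")
    # Test "a.b.c", then "b.c", then "c", so subdomains of a listed domain
    # match but look-alike names that merely end in the same letters do not.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def filter_outbound(urls, blocklist=KNOWN_BAD):
    """Map each requested link to the firewall's decision for it."""
    return {url: ("BLOCK" if is_blocked(url, blocklist) else "ALLOW") for url in urls}

if __name__ == "__main__":
    for url, decision in filter_outbound(SAMPLE_LINKS).items():
        print(f"{decision:5}  {destination_host(url):28}  {url}")
```

The second sample link shows why the displayed text of a link cannot be trusted: the name before the `@` is never contacted, and the decision is made on the host that follows it.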
Implement a Written Network Security Policy
A written network information security plan details your company’s security controls and policies. Talk with your insurance agent about what needs to be included in such a written policy statement and what you need to do to ensure that your insurance underwriter doesn’t find an excuse to deny your claim, should the need arise. Specific requirements vary from state to state.
An Ounce of Prevention
The financial toll of a ransomware attack is much greater than any ransom you may decide to pay. Downtime translates into lost revenue, vastly increased financial liability, and lost productivity to which organizations large and small can attest. While none of these measures can prevent a ransomware attack, staying educated and taking adequate precautions can greatly reduce the exposure you could have to such an attack and will help you reduce the effects of a ransomware attack should it occur. An ounce of prevention can save you many a sleepless night.