Defending Your Small Business Against Ransomware

1
April 2019

Imagine starting up your computer and seeing an ominous, flashing message demanding money before you can access your files. Your computer has been infected by malicious code and your files - or your entire network - are locked (encrypted). To get a code that will unlock your data, you’re supposed to pay a ransom, typically a few hundred dollars to several thousand dollars, anonymously via Bitcoin.

Ransomware is now the most common type of malware, according to the most recent Verizon Data Breach Investigations Report. Ransomware has successfully attacked big corporations, government agencies, small businesses and personal computers – even entire cities.

Small Business, Big Losses

There’s a temptation to think that malicious hackers aren’t interested in small businesses. Nothing could be further from the truth. Cybercriminals are looking for opportunities that they can exploit for profit. They don’t care whether the monetizable data belongs to a big business or a small one. And though the payoff will likely be bigger in a breach of a big business, smaller businesses are often easier to exploit – making them a very attractive target.

A new report by cybersecurity and intelligence firm 4iQ confirms that small businesses are now the favored target of cyber criminals – in fact, the smaller the business, the more likely it is to be attacked. The report also indicates that attacks overall are on the rise, data breach incidents in 2018 increased over 420% from 2017. If your small business is successfully breached, it typically costs $53,987 to recover.

Harden your defenses

Chances are you don’t have a dedicated cyber security consultant on staff – but if your budget allows you may want to hire one to review your business network and provide advice on how to close security holes. You can also outsource the handling and storage of sensitive data to third-parties, who are better equipped to protect information. An example of this would be backing up data to a cloud service and using established payment systems to handle transactions.

Backing up data to a remote cloud service is an especially good way to protect data from ransomware. Test the backup regularly to ensure it works, and don’t restore your files until your system is cleared of the malicious code. With access to your computers locked down by the ransomware, you at least know that you can restore critical records from the cloud. That said, your customers’ sensitive data will still be at risk, as hackers may opt to publish stolen data online if you don’t pay the ransom.

If you allow remote access to your databases, be especially careful about security processes. A big new trend revealed by the 4iQ study is that hackers are specifically targeting open databases. In some cases, they export your data, erase the remote drive, and then ask you to pay a ransom to get your data back.

Using two-factor authentication for all logins is one good way to help protect your data – this can be a code sent via text or an app when people try to login, or a verification email. Consider using a password manager app to simplify the use of secure passwords and make it easier to change them frequently.

Also, keep your operating system and applications – especially your web browser - patched and up-to-date, and being very careful about what software you install from online sources. You should run antivirus software that protects against malware. And be wary about clicking on links in emails and text messages, even if you recognize the sender. In general, paranoia is a good security practice. Don’t hesitate to check with a sender to confirm that he or she sent you a file or a link. But use a different communication method to check – emailing a possibly compromised account won’t help. Send a text or an IM to confirm an emailed link/file and vice-versa.

Should the worst happen, and your business is the victim of a cyberattack you will probably need a fast infusion of funding to recover from the event. You will, at the least, have to take your computer/s and other devices offline until you know they are secure. You may need to hire a security expert to come in and remediate the problem. You may need to replace computers, drives and other devices if the ransomware has totally locked you out.

One Park Financial works to help owners of small and mid-sized businesses quickly access the working capital that they need. Our process is simple and straightforward, and we’ve helped many small businesses who have been turned down by banks to access funding – even when the business owner doesn’t have a perfect credit rating. Visit oneparkfinancial.com or call 855.218.8819 to discover the options that make sense for you and your business. You can be pre-qualified in just minutes, and once approved have funding in your account in just days.