Mark it in history: MMXVIII is the year of ransomware. According to the 2018 Verizon Data Breach Investigations Report, while malware and hacking breaches have been on a slight decline for the last year, the use of ransomware has skyrocketed. Criminals attracted to the ease of use, minimal risk, and high hit rate associated with ransomware have flocked to the strategy in droves, costing small businesses millions of dollars. About $301 million to be exact, as stated in Datto’s 2017 State of the Channel Ransomware Report.
Businesses aren’t the only organizations that have been hit by the ransomware epidemic. Just ask the city of Atlanta, whose systems were frozen by ransomware in late March of this year, locked behind a $50,000 Bitcoin deposit. An interesting component of this case is that, regardless of whether the city was actually prepared to pay the ransom, they did not even have the opportunity. Hackers took down the payment portal not long after the breach, leaving Atlanta officials swinging in the wind.
As officials scrambled to restore basic functions of city programs, they watched a staggering $2.6 million bill accumulate in just the first two weeks— a figure that officials expect to climb another $9.5 million over the coming year.
“Sure,” you may think, “But my little enterprise is nowhere as big and complex as the City of Atlanta. ”Yes, you are small, but YOU ARE STILL A TARGET. Just because you don’t often HEAR about Ransomware attacks on small businesses doesn’t mean they don’t happen. They simply don’t get the publicity which larger-scaled hacks receive. We’ve cleaned up a number of terrible ransomware messes right here in the Mountain Empire.
Think of cybercriminals like fishermen with a wide net. They’re very happy to catch a net full of small fish instead of one big whale. In fact, it’s very profitable for them to cast their net widely to small companies. The bad guys know that businesses with fewer than 100 employees often cut corners, not spending what’s needed on cybersecurity. So they target you.
If you were a small-time criminal, would you rather break into ten high-end, unlocked homes abandoned by vacationing tenants, or pull one single, endlessly complicated Ocean’s Eleven-style heist? Attackers generally follow the path of least resistance. Small businesses (that means YOU) are on that path.
So, what do you do in response? Toughen up your barriers, tighten up your processes, and enlist your entire staff in the battle against ransomware.
Ransomware attackers don’t steal your data, they just lock you out of it. So, your best plan of defense is to make sure a ransomware breach won’t actually affect your day-to-day operations. That means regular backups, stored in places that won’t be compromised by spreading malware. If ransomware hits, your IT pros can then hunt down the source, delete it, and roll the entire system back to a recent backup.
The vast majority of ransomware attacks happen through phishing e-mails, targeting your uneducated employees. Your BIGGEST risk of getting ransomware is a careless employee who opens your network door to welcome the bad guys inside. Thankfully, it’s relatively easy to train your team—there is NO excuse not to do so. * Your employees must be vigilant for the signs of digital scams.
A key component to your defensive strategy is to work with a reputable IT firm. Yes, we’d love to have the job, but this is not a sales letter. The bigger idea is to NOT delegate your IT security to a geeky employee, your brother-in-law, or a busy one-man-band. You need a team of trusted geeks with the combined know-how, resources, and time to proactively manage your network security.
Cybersecurity is becoming more complex, with new threats emerging at least monthly. You need a comprehensive strategy to address this, not just duct tape and shoestring. Bring in the experts and ensure your business doesn’t become another statistic in the age of digital crime.
*We have 5 cybersecurity training portals to give away this month. This provides basic training to everyone on your team. To claim yours, email firstname.lastname@example.org