How small businesses can protect against ransomware attacks

Small businesses are often targets of hackers because they have fewer resources in the event of a cyberattack, or that’s the common misconception.

Credit: Thapana_Studio/Adobe Stock

Small and mid-sized businesses account for 90% of companies worldwide, and they employ over 50% of the global population. These businesses play a critical role in the economy, but they can also be prime targets for hackers and cybercriminals.

Data shows that small to medium-sized businesses were the victims of 71% of ransomware attacks.

These attacks may have occurred because many smaller companies typically spend less on cybersecurity measures than larger corporations, making them easy subjects for hackers.

What is Ransomware?

Andrew Lipton, VP, Head of Cyber Claims at AmTrust Financial Services, Inc.

Ransomware, or ransom malware, is a type of malicious software designed to block access to a computer system or the data residing on that system until a sum of money (or ransom) is paid, or some other action is completed. Cybercriminals often use this file-encrypting malware to go after specific targets who can pay the largest ransom possible, but this is not always the case. 

As mentioned previously, small to mid-sized businesses are likely targets because they usually have smaller security teams. Hackers also will target organizations like government agencies, healthcare facilities and financial institutions that store sensitive data because they may be willing to pay up quickly to restore access to their files. According to the Federal Trade Commission, some ransom demands issued to small businesses have been as high as $100,000. Ransomware locks a company’s files, basically holding them hostage by making data, documents and files inaccessible without a decryption key. The files are still on the device, but without paying the ransom within a specified timeframe, the organization faces losing access to them forever. According to Norton, some common ransomware examples include:

Ransomware Protection for Small Businesses

IT security has to be a priority for businesses of all sizes. Companies should not only understand how to prevent cyberattacks like ransomware, but they should also create a data breach response plan, so the steps to take in the event of a breach are spelled out in a straightforward manner. Here are a few things small and mid-sized businesses can do to help protect themselves from cyberattacks like ransomware.

Upgrade to the most recent operating system version

As operating systems update, new versions can include patches or firewalls for potential security issues that could make a business vulnerable to ransomware.

Provide regular cybersecurity training to employees

Human error causes 52% of data breaches. Staff should receive ongoing cybersecurity training to understand the organization’s security policies and the risks associated with a breach. Employees should understand the basics, like not opening emails and attachments from unknown senders, and how to recognize fake websites and email addresses, which often contain misspellings.

Keep security software updated

Many cybersecurity software programs offer real-time protection from malware attacks like ransomware. Use a trusted security suite and update it regularly, as new threats continuously pop up for both businesses and consumers.

Backup data regularly

While this may take businesses considerable time and effort, the importance of backing up information cannot be stressed enough. Consider utilizing a cloud service that incorporates high-level encryption and multiple-factor authentication. At the very least, files can be saved to USB or external hard drives as long as they are disconnected from the device, as they can also be susceptible to ransomware.

Purchase insurance coverage that covers ransomware

Cyber insurance can protect businesses from a range of cyberattacks, including ransomware. Every year, organizations, both large and small, are victims of data breaches, and every employer faces the fact that they could be the target of a network security breach. Cyber liability coverage helps protect businesses of all sizes from the financial damage incurred from cyberattacks and data breaches.

Andrew Lipton is vice president, head of cyber claims at AmTrust Financial Services. He leads the cyber claim and incident response team and coordinates with the company’s agents, brokers and insureds nationwide to ensure superior cyber claim service. Contact him at Andrew.Lipton@amtrustgroup.com. Reprinted with permission from AmTrust.

Related: