Watch out, small business owners. You might be in a hacker’s crosshairs.
There’s a common misconception that small businesses are considered too small-time to be targeted by hackers and ransomware-slinging cybercriminals. Some of the owners and tech decision makers of these small business are convinced that the bad guys just want to breach the major players’ networks in the hopes of hitting the jackpot in stolen data or encrypting data so vital that the victim will pay a large sum of money for the salvation of decryption keys.
This is dangerous thinking, as we’ll soon discuss. But first, let’s step back a bit and explain what ransomware is and why it’s such a big deal nowadays.
The scourge of ransomware
Ransomware is a cyberattack that typically locks down a computer by encrypting its data. This renders the computer basically useless, as the data has been turned into gobbledygook.
The victim is notified (via text files, messages inscribed on new desktop wallpaper, or some other method) that the files have been encrypted. A ransom is demanded… and deadlines usually are tight.
If the ransom isn’t paid, the files will remain encrypted. In a world where data is king, and many business depend on their data to conduct business, a successful ransomware attack can be catastrophic and even business-ending.
How does ransomware infect computers?
Attachments and links in bogus emails and social media messages can lead to a ransomware infection. In this day and age of heightened cybercrime, you must exercise caution and rein back any click-happy tendencies you may have.
You can also be infected via drive-by downloads. This is a type of attack where ransomware infects your computer when you click on a malicious, compromised website.
Think before you click!
Data breaches and ransomware in the headlines
When you think about cybercrime in general and begin to research it, what usually comes to the forefront of thought and discourse are accounts of the bigger organizations that have been hit.
Yahoo! reported two massive data breaches in 2016. In the case of Equifax, hackers got a hold of information for millions of consumers. Even Chipotle has had its share of cyber woes, as a 2017 malware hack provided criminals access to customer payment information.
While the bigger companies and organizations certainly are targeted, one mustn’t conclude that smaller businesses are excluded.
Small businesses, big targets
There are hackers who actually prefer to attack smaller outfits. Their rationale is bigger companies have good cybersecurity in place, while small business don’t have the requisite resources or know-how to withstand a dedicated cyberattack.
According to a Verizon data breach study in 2017, 61% of breaches targeted small businesses.
Smaller businesses may also have neglected putting together good data backup, business continuity, and disaster recovery systems in place. If they get hit with ransomware, they may have to try paying the ransom to get their data back out of sheer desperation.
There are some scary statistics out there when it comes to experiencing a full data disaster like a ransomware lockdown.
In a ransomware study by Malwarebytes/Osterman, 20% of small to medium-sized companies that were successfully hit by ransomware had to immediately stop business operations.
According to the Federal Trade Commission, ransomware ransoms have been as high as $30,000.
Don’t forget the losses due to downtime and the ding in one’s prestige. Per the Small Businesses Reputation & The Cyber Risk study by KPMG, 58% of the companies and consumers polled said a data breach would discourage them from doing business with a cyberattack victim.
Also from the above KPMG study: 86% would consider removing a company from their list of vendors/suppliers due to a successful data breach.
Check out our earlier post about scary cybersecurity statistics.
IT security has to be a priority
“The reality is, all businesses regardless of size should erect and maintain a proper defense against threats to their data,” said Brian Walker, CEO of InCare Technologies. “We’ve worked with ransomware victims that have only a handful of employees.”
“Ransomware and data breaches aren’t going away anytime soon,” said Aaron Allen, Director of Technical Services at InCare. “The hackers have become too successful to stop, and we’ve become too reliant on our data. And with things like RaaS (Ransomware as a Service) available, where non-technical criminals can subscribe to a ransomware service to launch their own attacks, security has to be at the forefront of your IT priorities.”
A layered approach to IT security and ransomware protection
“Using multiple layers of security is a good method of combating ransomware and other cyber threats,” continued Walker. “Each layer is another hurdle for hackers to overcome.”
“Common sense and even a healthy dose of skepticism can go a long way in this treacherous age,” added Allen. “Think before you open that attachment or click on a hyperlink. If it sounds too good to be true, it probably is.
“Also watch out for emails that ask for any type of credentials or personal information, even if it’s from a ‘credible’ source. These are almost always malicious.”
Walker concluded: “Contact InCare today for assistance and advice related to your IT security and ransomware. Fill out the form below to or call one of our offices to schedule your free ransomware and cybersecurity consultation.”
InCare Technologies is a nationally recognized MSP (managed service provider) based in Birmingham, Alabama, with offices in Montgomery, Alabama and Jackson, Mississippi