Using ransomware, a hacker can take a computer and its network hostage, then force the organization that owns it to pay a “ransom” in exchange for stolen data. Most people would assume that the bigger the company, the bigger the potential payout, making large businesses more attractive to hackers.
They would be wrong.
Why are small businesses more at risk?
According to a recent CNBC article, Keeper Security’s 2016 State of SMB Cybersecurity Report revealed that hackers breached half of all small businesses in the United States over the last 12 months. How? Simply put, small businesses sit at the intersection of money and vulnerability.
Many small-business owners do not believe hackers are a threat to their companies, and are thus ill-prepared for an attack. In fact, 1 in 3 small businesses do not have the tools in place to protect themselves – things like firewalls, antivirus software and data encryption – and these types of enterprises typically do not have a dedicated IT staff or a managed services provider, either.
Not only are hackers aware of this, they also understand that most small businesses do not have the resources to investigate any attacks against them. Because small-business owners cannot afford to be offline or unable to access data for too long, most will opt to pay the ransom and get their files back as quickly as possible. With this in mind, hackers typically set ransoms anywhere from $500 to $3,000 – just enough for small businesses to afford. For a hacker deciding whether to target myriad small businesses or go after an enterprise-level business more likely to thwart or investigate an attack, the former approach is actually more lucrative.
How to protect yourself
Cybercriminals keep upping their game to get around security measures, which means business owners need to do the same. You can start by implementing the following protective measures:
- Keep data backups in the cloud and make sure to update them regularly (this could be considered the most important defense mechanism for businesses)
- Implement layered antivirus security on all computers
- Ensure software is up to date, as hackers are known to exploit older versions’ vulnerabilities
While these tips are effective defensive measures, companies should also focus on being proactive in the fight to avoid being targeted by ransomware. Educating employees is the No. 1 thing your small business can do to stay ahead. MyITpros has written a lot about employee education, but in short, it should be much more thorough than simply holding a lunch meeting or disseminating printed flyers. Rather, employees need to be trained on best online practices, how to spot potential attacks and what to do if their computers get infected. We encourage you to discuss security trainings and other protective options with your MSP, or to reach out to us for a consult if you don’t have one! MSPs are able to both educate employees and implement the robust security measures that many small businesses do not have the resources to oversee themselves – and they do so at a fraction of the cost of a full-on breach.