The Impact of Ransomware on Small Businesses
What’s going on this September? National Preparedness Month. This is the time to increase your awareness of the safety of your business, family, pets and community. During disasters, communication is key. National Preparedness Month concludes on September 30 with National PrepareAthon! Day.
It would be like a science fiction movie: You go to pull up the file detailing the records of your last quarter’s profit and loss statement, and instead you get a flashing notice: “Your computer has been compromised! To see your file, you must pay money!”
This is called ransomware: a type of malware sent by criminal hackers. Welcome to the world of cybercrime. In fact, ransomware can prevent you from doing anything on your computer.
Where does this ransomware come from? Have you clicked a link inside an e-mail lately? Maybe the e-mail’s subject line really grabbed your attention, something like: “Your FedEx shipment has been delayed” or “Your Account Needs Updating.”
Maybe you opened an attachment that you weren’t expecting. Maybe you were lured to a website (“Dash Cam Records Cyclist Cut in Half by Car”) that downloaded the virus. Other common ways crooks trick you into downloading ransomware include:
- Hackers impersonate law enforcement, claim you downloaded illegal material and demand a fine for your “violation.”
- You receive a message that your Windows installation requires activation because it’s counterfeit.
- Or, the message says your security software isn’t working.
What should you do?
- Never pay the ransom, even if you’re rich. Paying up doesn’t guarantee you’ll regain access. Are you kidding?
- Double check that all of the newly encrypted (and utterly useless) files are backed up, wipe your disk drive and restore the data.
- Wait a minute—your files weren’t backed up?
An ounce of prevention is worth a pound of hacking.
- Don’t open links or attachments you’re not expecting! This includes those from senders you know or companies you patronize.
- Install an extension on your browser that detects malicious websites.
- Use a firewall and security software, and keep both updated.
- Regularly back up data, every day ideally.
Needless to say, ransomware attacks happen to businesses, too. Small companies are particularly vulnerable because they lack the funds to implement strong security. Attacks on businesses usually originate overseas and are more sophisticated than attacks on the common Internet user at home or at the coffee house.
And just like the common user, the business should never pay the ransom, because this will only prolong the situation.
- Make the criminal think you’re going to pay. Tell them you need time to prepare the fee.
- Build your defense by gathering all the correspondence.
- Present this to your web hosting provider, not the police.
- The web host will get to work on this.
- If the loss is extensive, present the correspondence to the FBI.
- If the attack is in virus form, you’re finished.
The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained in how “phishing” e-mails work and other tricks that cyber thieves use. To learn more about preparing your small business against viruses like ransomware, download Carbonite’s e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”
#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com, is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four-time Boston Marathoner and Private Investigator, and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional, his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders.