Small Businesses at Risk for Ransomware
Recent headlines about ransomware attacks often feature entities such as governments, major hospitals, oil refineries, and large corporations as the targets. These attacks typically impact thousands of devices – with hackers holding the target’s private data hostage in exchange for eye-watering sums of money. Earlier this year, a meat processing company admitted to having paid $11 million to hackers when its computer systems were compromised in a cyberattack.
Indeed, ransomware is a $20 billion industry, with the typical ransom amount being nearly a million dollars for large enterprises. Thus, it might appear that cybercriminals only target large entities because the expected payouts are highly lucrative. For a long time, small business owners have relied on their small stature; they believe that international hacking groups are unlikely to spend the time and effort to target them when there are much bigger fish to catch. Why target a small-town law firm when large corporations with much more valuable data are out there?
However, recent studies have revealed that this security-through-obscurity approach that small business owners have relied on is no longer tenable. It has been found that 71% of new ransomware attacks involve small businesses. We now live in an era where no business is too small to become a victim of a cyberattack. In fact, a business’s small size makes it an attractive target for cybercriminals. Hackers risk exposure and prosecution whenever they set their sights on a large corporation or a government entity. Large businesses typically have robust cybersecurity measures in place and have the budget and resources to recover from a cyberattack without paying a ransom. Small businesses are seen as low-hanging fruit: easy and attractive targets for cybercriminals.
Why Small Businesses Are Attractive Ransomware Targets
Small businesses typically do not make the same investments in cybersecurity that larger companies do. Managers and decision makers often have difficulty seeing the value of proactive IT security. Some rely on consumer-grade antivirus and firewall products to protect their computer networks, and one in five businesses do not employ any security measures at all. Small businesses do not always have reliable data backups or disaster recovery plans. Online criminals know how vulnerable small businesses are and use this fact to their advantage.
Additionally, certain small businesses such as health clinics, tax preparation services, law offices, and other businesses that deal with highly sensitive client information are most at risk. The information contained in their computer networks, such as private health information and social security numbers, is highly valuable to online criminals, so they are incentivized to target these businesses.
The rise in popularity of remote working due to the global pandemic has also increased the attack surface through which hackers can infiltrate a small business’s computer network. Companies now must support a myriad of devices across long distances. Some even allow employees to use their own private computers for work-related purposes. Workers embrace this bring-your-own-device (BYOD) policy as it allows them to carry out their work duties using devices that they know best. However, BYOD can spell disaster for companies if not managed properly. It only takes one compromised device to bring down an entire computer network.
What SMBs Can Do to Protect Themselves
Awareness and training among employees remain the first and best line of defense when it comes to preventing a cyberattack on a business. Malware is commonly introduced through phishing emails – emails that are disguised to appear to come from trusted sources such as financial institutions, IT companies, or even known associates. The message body typically contains a link to a malicious website or a file download. Providing private information (such as usernames and passwords) to the website or clicking on the attached file is how cybercriminals can take over a victim’s computer and private information.
Here Are a Few Tips on How a Small Business Can Protect Itself
- Have reliable and up-to-date data backups. Backups form the backbone of any disaster recovery plan.
- Train employees to spot phishing emails.
- Periodically update software and hardware.
- Do not insert USB flash drives whose source is unknown.
With enough education and training, employees are empowered to detect these threats early and prevent a cybersecurity incident. Businesses that deal with customers’ private health records, social security numbers, or even simply names, phone numbers, and addresses are highly encouraged to partner with an IT support company such as a managed services provider (MSP). Not only does an MSP address and fix computer issues as they arise, but businesses that have IT partners are better equipped and positioned not to become victims of a cyberattack themselves.