If I’ve heard it once, I’ve heard it a million times: “My business is too small for a cyber crook to bother with me.” Oh, my friend you are so, so wrong. No company is too big or too small for a ransomware dealer to come knocking at your virtual door.
A recent report from Webroot, The Hidden Costs of Ransomware, found the vast majority—85%—of managed service providers (MSPs) have reported attacks against small and midsized businesses (SMBs). Despite that appallingly high number, just 28% of SMBs consider ransomware a worry.
You should. These days anyone who needs some holiday money can launch a ransomware attack. Thanks to ransomware-as-a-service on the dark web, all a crook needs is some BitCoin and they’re off to try to crack your business. According to security company Sophos, ransomware-as-a-service now comprises almost 60% of all ransomware attacks. The fact that some of these would-be crooks have discovered that their ransomware partners aren’t trustworthy is darkly funny, but in the meantime, the attacks keep coming.
A simple fact: Just because you won’t be hit with multi-million dollar demands that make headlines doesn’t mean a ransomware extortion attack won’t cost you weeks of work and tens of thousands of dollars of blackmail money.
Look at what’s already happened. Webroot also reports that of those businesses already attacked, 64% suffered some downtime and 45% were knocked offline long enough that their very business was threatened. And the cost of that downtime came to $141,000. (In 2020, it was only $47,000.) That’s not even counting the average ransom request of almost $6,000.
Can your business survive that? Mine couldn’t.
Adding insult to injury, a recent survey of security professionals by Cybereason found that nearly half of the respondents felt they didn’t have the right tools to fight back—and they’re particularly unprepared for attacks over the holidays. Who wants to come back after Thanksgiving and find their PCs and servers locked up with a ransomware demand popping onto the screen?
I could preach about the need to deploy in-depth ransomware protection, but you’re not going to be able buy and set up a solid security system between now and the end of the year.
What you can do, though, is start practicing some security basics that should see you safely through the next few weeks. Before getting into some specifics, let me remind you of something I’ve always known (and the 2021 Verizon Data Breach Report spelled out in no uncertain terms): 85% of breaches involve a person making a security blunder like opening a phishing message, pretexting, or some other social engineering mistake.
When dealing with anyone, you must not only trust but verify that they’re who they say they are and that they need the information they’re asking you for. If that sounds paranoid, well, as the joke goes, “It’s not paranoia if they really are out to get you.” And, these days, I’m sorry to say that they really are out to get you.
Now moving on to some simple specifics to keep you safe:
- Keep your operating system patched and updated to ensure you have fewer vulnerabilities to exploit.
- Don’t install software or allow administrative privileges unless you know exactly what it is and what it does.
- Never click on an email, instant message, or groupware—aka Slack or Teams—link, unless you know it’s safe.
- Buy easy-to-use, inexpensive endpoint security programs such as Check Point ZoneAlarm Anti-Ransomware or Bitdefender Antivirus Plus.
- Create back ups of at least three or more copies of your data, including one off-site that’s not networked with your production environment. Then, make certain that the back ups are good and can be used to restore your systems.
Do all that, and you should make it safely through the holidays and into 2022. Then, keep taking these precautions from now until you sell your business. It’s literally the least you can do to keep your company safe from ransomware and most other attacks.
Next Read This: