WHY IS RANSOMWARE TARGETING SMALL BUSINESS?
Ransomware Fast Facts:*
43% of cyber attacks are aimed at small businesses, and only 14% of those businesses are prepared to defend themselves
The average cost to a business is $200,000, and often the business closes within 6 months
More than 50% of all small businesses suffered a breach within the last year
Cybercrime is now the fastest-growing form of criminal activity, and cybercriminals prefer to target small businesses. A small business is defined as one with 1-99 employees, and small businesses make up over 98% of Canadian business establishments. Hackers target small businesses because most don’t have dedicated IT personnel on staff, so software is out of date and systems are not protected with the diligence they require.
The most common cybercrime right now is ransomware. Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or when a user unknowingly visits an infected website. It can be devastating to an individual or an organization, as experienced by the many small businesses, municipalities and hospitals that have recently been targeted.
Malware attacks computer networks but remains invisible to average users for weeks or months. During that time, it collects information about the organization and its perceived ability to pay a ransom. It then locks files and demands that the network owner pay a sum of money to make them accessible again. So the number one question is: how does this happen? Running out-of-date software, letting anti-virus software expire and clicking on malicious email links are all ways you let malware onto your system.
Quite often we encounter small businesses that are using home versions of software or anti-virus protection, which leaves vulnerable not only their business data but also their clients’ personal information, such as customer name, address, birth date and credit card information. The solution for any business owner is to use enterprise-level software that has additional safeguards in place to protect both your information and your clients’.
Follow these steps to protect yourself and avoid becoming a statistic:
Make daily backups and duplicates of data and files that can be retrieved in the event of system compromise or ransomware attack.
Install and regularly update anti-virus, network firewall, and information encryption tools to scan for and counteract viruses and harmful programs; guard against incoming network or denial-of-service attacks; and keep sensitive information safe.
Routinely monitor and scan any device that’s connected to a computer system or network, and prohibit the use of removable media (e.g. USB drives) at work.
Limit employees’ access to only the files, folders, and applications that are required to perform routine on-the-job tasks.
Provide regular, up-to-date training for staffers at least every 90 days on the latest online threats and trends in cybercrime.
Engage in teaching drills and exercises grounded in real-world everyday scenarios that test employees’ ability to detect scammers and respond appropriately to fraudulent requests.
Instruct staff about the dangers of clicking on unsolicited email links and attachments, and the need to stay alert for warning signs of fraudulent emails.
Utilize multi-factor authentication before authorizing any major, uncommon, irregular, or allegedly time-sensitive requests.
Conduct ongoing vulnerability testing and risk assessments on computer networks and applications to seek out and address possible points of failure before they arise.
Implement artificially intelligent cyber analytics tools that can scan networks, user accounts, and applications to determine what passes for normal behavior, and auto-detect and immobilize suspicious activities before they spread.
Questions about setting your business up for success? We’re here to help.
Consys Group Inc. 226-973-9208