Five Reasons Why Small Businesses Are at Increased Risk of Ransomware Attacks

Too often, small businesses have the false impression they are insignificant to cyber criminals. This is misguided because more than half the ransomware attacks target small organizations. 

In the last few years, the threat of ransomware attacks is on a sharp rise,” notes Gurmeet Jutla, vice-president of technology at Uniserve Communications Corporation. “Ransomware affects all types of businesses, and had cost about $5 billion in 2017 so far.“

Jutla breaks down five main reasons why small businesses are more at risk for ransomware attacks:

1. Small business owners believe they are too small for hackers to be concerned about them;
2. Most small businesses only hear about the large businesses being attacked; they never hear about the smaller organizations and, therefore, do not recognize the risk;
3. They often lack an understanding of potentially how they can be attacked via phishing or through imposter websites; 
4. Many small business owners find it too complicated and overwhelming to figure out what to do to protect their business. They also perceive the costs of protection as being too expensive;
5. Small businesses generally do not backup data properly, making ransomware attacks easy.

“The best defence against ransomware and other vulnerabilities is to acknowledge that you can be exploited—then educate yourself,” explains Jutla.

Ransomware can spread many ways, from taking advantage of a system’s vulnerability to luring potential victims through phishing attempts or free software.  Once data is encrypted, there are only three ways to remedy this:

1. Pay the ransom;
2. Restore the data from backup (after cleaning all your equipment);
3. Start over.

There are several ways ransomware can be avoided:

1. Backup all your critical data onto devices that are not online all the time;
2. Receive training on what and how to prepare for ransomware attacks;
3. Patch (update) your IT equipment regularly (workstations, servers, network gear, and mobile devices);
4. Disconnect any infected device as soon as possible; and
5. Have a professional run a vulnerability scan and then test your systems.

“Businesses of all sizes should have awareness training in place,” says Jutla. “This training should include policies on how to identify phishing attempts, validate websites and how to choose strong passwords.  Sometimes secure networks are breached because of a weak policy, as what happened to the UK healthcare system.”

Furthermore, businesses should commit to operating a strong network by having anti-virus and host-intrusion prevention systems; firewalls at entry points into networks; and email filtering services.  Ensure you subscribe to daily alert messages such as those from US-CERT, which publishes known vulnerabilities.

 Jutla strongly advises small business owners who aren’t necessarily tech savvy to obtain consulting help or hire a services partner to manage all the potential complexities. 

For more information on how to keep your company free from ransomware attacks, visit Uniserve Communications Corporation at www.uniserve.com or call 604-395-3900.