Ransomware 101: How to protect your small business
Remember WannaCry, the ransomware attack that crippled the NHS two years ago? It’s a perfect example of how easily ransomware can spread. You might be forgiven for thinking SMEs aren’t an attractive target to cyber-attackers – but unfortunately ransomware can bring down businesses of all sizes, not just global corporates or large public sector organisations. Here’s your cheat-sheet on what to look out for – and, crucially, how to prevent an attack.
As the name suggests, ransomware makes it near-impossible for a user to access their data after a device has become ‘infected’ unless they pay a ransom to the attacker. It can be hugely disruptive to businesses.
There are various types – including those delivered by ‘phishing’, where an email (usually with an infected attachment) masquerades as coming from a source the recipient can trust. The attached files then take control of the user’s device and encrypt their files, showing a message demanding an untraceable Bitcoin ransom be paid to regain access. Phishing, like the majority of cyber-attacks, plays on human error to get through your business’ defences. Other ransomware, like WannaCry, exploits a vulnerability in network or operating system software without needing to trick users.
Who’s at risk?
Ransomware attackers are usually opportunists. They might target organisations with obvious vulnerabilities – universities with small tech teams and lots of disparate network users and file sharing, or small businesses that rely on flexible working and freelancers, for instance. Others focus on government agencies and large corporates, which may be more likely to pay bigger ransoms, particularly if the information they hold is sensitive (as with law firms). Some ransomware, however, simply spreads indiscriminately across the internet.
What you can do
There are a few things you can do to ramp up your business’ defences:
- Keep your operating system up to date and patched so known vulnerabilities are covered
- Don’t install any software or give software admin access unless you know exactly what it is and where it’s come from
- Install antivirus software or invest in endpoint protection technology to detect ransomware when it arrives, and whitelisting software to stop unauthorised programs from executing
- Back up your files regularly and frequently! It won’t prevent an attack, but it can make the damage after an incident much less disruptive.
Ransomware cost businesses more than $5 billion in 2017 in ransoms paid, spending on regaining control, and time lost recovering. Globally, it’s on the decline. But, in its place, malware – software designed to take out IT systems – has grown by more than a fifth over the same period, causing 10 billion attacks in 2018 alone.
There’s no silver bullet when it comes to protecting your small business from cyber-attacks. Simple changes like improving staff cyber security awareness can have a big impact. We offer a range of managed services, and we go one step further than most MSPs in helping London’s SMEs fight the latest security risks. Trust the experts – contact us to find out how we can help keep your business resilient and secure.