Ransomware: Why Small Businesses are the Most Vulnerable

In recent years, a rash of high-profile ransomware attacks have left many businesses with the impression that only big organizations need to protect themselves from cybercriminals. The truth is exactly the opposite. In reality, small businesses are more often the victims of ransomware attacks—and no business is too small to become a target. Is your business protected?

Why are Small Businesses Targeted by Ransomware Attacks?

The term malware—malicious software—refers to any kind of software that was created with the intent to do harm. Some focus on stealing personal information to try and gain access to financial accounts. Others are designed to simply cause havoc in the systems they infect.

Ransomware is a specific category of malware with a different kind of objective. Instead of stealing account information or data, ransomware locks or encrypts files so that the owner can’t access them. The ransomware also gives instructions on how to pay a ransom in exchange for a password to decrypt or regain access to the files. Ransomware is evolving, of course, and now, some versions do more than just encrypt data. Some new strains of ransomware allow hackers to upload your data to their own server, as well as encrypt it in its original place

More recently, the city of Baltimore fell victim to a ransomware strain known as RobbinHood2. On May 7, 2019, city government computers were infected and taken offline by an unknown hacker group that demanded a Bitcoin ransom worth over $75,000. The city was unable to restore its systems until May 20, affecting email, payment systems, and even the city’s real estate market. Baltimore was previously hit in 2018, when hackers infected the city’s 911 system and forced a temporary system shutdown.

Attacks like these contribute to the belief that small businesses are safe from cyberattacks, but this couldn’t be further from the truth. In 2018, 71% of ransomware attacks targeted small businesses, with those in the healthcare sector hit the hardest. And ransomware attacks are on the rise, with an 11% increase from 2017 to 2018.

Few Small Businesses are Equipped to Deal with Ransomware

Small businesses are the most common targets of ransomware attacks. And unfortunately, they also tend to be hit the hardest by them—if not in the size of the ransom demand, certainly in terms of the organization’s ability to deal with the attack and its consequences.

One reason for this is simply that small business owners tend to believe that the size of their business makes them unlikely to be a target. Therefore, they don’t put as much effort into security as a larger business might. They’re also unlikely to have a plan in place to deal with the aftermath of a cyberattack. If they get hit, they struggle to deal with the fallout.

The second reason why small businesses are more vulnerable is that they don’t invest in cybersecurity. They don’t have the budget to employ an IT team, or buy expensive equipment. And many forgo security altogether, instead of searching for more affordable solutions.

How can You Protect Your Small Business?

As a small business owner, there’s a lot you can do to protect your business from ransomware and other malware attacks, even on a small budget.

Be Smart and Safe Online

According to Verizon’s 2019 Data Breach Investigations Report4, email is the most common method way for malware to access a system. And, over 80% of malicious emails use phishing activity to steal sensitive information or get the user to download malware to their computer.

While some security practices involve a financial outlay, one of the most effective methods of improving your security is free. Teach your employees how to stay safe online, and you can greatly reduce the risk that your computer system might become compromised. For instance:

• Use multi-factor authentication when logging in to email and other accounts. This means using two or more methods of verifying identity, such as a password plus a code sent to your mobile phone at the time of login.
• Don’t click on links or download attachments until you’ve verified their safety. If you know the sender, call them to check. If you don’t know the sender, scan the email for signs of phishing.
• Phishing emails use a variety of tricks to get people to click links or download attachments. These include suspicious activity warnings, requests for information or verification, offers of prizes or discounts, or payment requests.
• Phishing emails often claim to be from large brand-name companies such as Facebook, PayPal, or Netflix. But a close read of the email shows signs like poor spelling or grammar, or a generic greeting such as “Dear Customer”, that indicate it’s not what it seems.
• Phishing emails often use sender addresses that are similar to legitimate business email addresses, but aren’t exactly the same. For instance, “paypal12.com” instead of “paypal.com”. Check the sender address by hovering the cursor over it in the email, to verify the sender’s domain.
• Be particularly cautious with unsolicited email, or email from an unknown sender, especially if there are requests for sensitive information.

When in doubt, always check with the sender of the email, even if it’s from a co-worker. A new kind of phishing, dubbed spear-phishing, targets employees with the specific intent of gaining information that can be used to access sensitive company systems or data. These emails tend to be more sophisticated than the average phishing attempt, so it’s important to read with a critical eye.

Outsource Your IT Needs

If, like many small business owners, you haven’t given much thought to security before, now may be a good time to start! You may not have the budget for an IT team, but there are other options.

For small businesses, a simple and affordable solution is to outsource security to a third-party provider. By outsourcing security services, you benefit from advanced protection without a big financial outlay.

Backup Your Data

Even the most sophisticated security can’t guarantee your safety 100%. But if your data is regularly backed up, you can survive any cyberattack. One option is to use an online backup service that saves all your data in an offsite location. If your business is attacked, you can use the backups to restore your files, without having to resort to paying a ransom.

Your Small Business May Be Vulnerable, But You Can Protect It

Ransomware is a potentially significant threat, especially for small business owners. However, there’s a lot you can do to reduce your level of risk. By educating your employees and outsourcing security services, you can help ensure that your business doesn’t become a target.