When was the last time you took a close look at the cyber hygiene of your business? As technology innovates, more small businesses are leveraging tools and software that help with processes. Unfortunately, it’s these same investments that are leaving organizations of all sizes open to bad actors. The truth is that cybercriminals will always manage to find a back door and make it their job to be one step ahead of you as a business owner.
You’ll need to ensure that your workspace offers the infrastructure and support to help mitigate the risk of cyberattacks and maintain the cyber hygiene of your business. The Globe Building retains a full-time staff, including six maintenance personnel who understand its infrastructure. All staff members are trained to work effectively with the occupants of high availability environments and with outside contractors and vendors. This creates barriers and roadblocks for cybercriminals, but business owners also need to be aware of what they’re up against.
Ransomware attacks are just one example of a threat to your business — they’re common, and they can be incredibly costly and eat away your profit margins. The average cost of a ransomware attack on a business was $713,000 between the loss of business due to downtime and the harm to its reputation. Many businesses also report that it can be anywhere from 3-5 days before you can access any digital files.
Ransomware is malicious software (malware) that is deployed through your IT infrastructure and quite literally holds your data hostage. There are two general approaches to ransomware that cyber criminals choose; encryption and screen lockers. Encryptors “jumble” data in your system, asking for a ransom in return for a key that will allow for decryption. Screen lockers will block you from accessing data with a screen that you can only unlock with the ransom payment.
Part of what makes ransomware so common is that it’s easily disguised in email links or attachments and then will spread quickly. Poorly protected business networks are also a prime target for ransomware, which is essentially an automated process that doesn’t take much (if any) technical skill to deploy and manage. Employees can easily be fooled into downloading programs that may seem like work-related tools but, in fact, “worm” their way through the network, looking for holes to burrow in. This makes regular training and continuing education about ransomware a must.
Having a robust ransomware protection plan in place should be an ongoing process that takes top priority. This plan needs to cover everything, from employee training for ransomware prevention to actionable tips that help maintain business continuity should an attack occur. There should also be a transparent chain of communication to help navigate through a ransomware emergency, and you should regularly review the plan.
Your business also needs to shore up IT infrastructure and best practices. You should perform data backup consistently, and you should put firewalls in place to close up vulnerabilities that cybercriminals can slip through. Restrict the software that employees can download to your business network, and patch the approved tools regularly to fix any security bugs that often go missed during development. It’s essential to create a culture of safety for everyone, from top to bottom.
Even with prevention and detection in place, ransomware attacks can still happen. There’s no guarantee that businesses will get the data back if they pay the ransom, but those who decide to make the payment face less downtime. Ransomware payments generally involve cryptocurrencies like bitcoin, which is nearly impossible to track — great for criminals, but not great for those who need to make sure the payment was completed.
In addition, the US Treasury Department has imposed sanctions on individuals and groups found guilty of deploying ransomware attacks, effectively making it illegal for businesses to pay the ransom. The consequences can be staggering:
“A number of those sanctioned have been closely tied with ransomware and malware attacks, including the North Korean Lazarus Group; two Iranians thought to be tied to the SamSam ransomware attacks; Evgeniy Bogachev, the developer of Cryptolocker; and Evil Corp, a Russian cybercriminal syndicate that has used malware to extract more than $100 million from victim businesses.
Those that run afoul of OFAC sanctions without a special dispensation or ‘license’ from Treasury can face several legal repercussions, including fines of up to $20 million.”
If you haven’t done so already, it’s time to complete an audit of what kind of safety net you currently have in place. A third-party coach or consultant can help take the results of that audit and turn them into action items, helping to create a new plan, training systems for employees, and even connect you with insurance providers that offer specific cybersecurity and business continuity protection.