How SMBs Can Conquer Ransomware


You don’t have to look far past the news headlines to see that ransomware is a big and growing problem today. And companies have a lot to lose — $1 billion per year, to be exact.

What is Ransomware and How Does it Affect Small Businesses?

Ransomware is a type of malware that holds digital files (e.g. documents, images) hostage until the business pays a sum of money to unlock them. As an entrepreneur, you have three options:

  1. Pay up
  2. Restore from a backup
  3. Suffer the consequences of not being able to access your data

Since many businesses can’t afford downtime, they opt to pay up. Depending on what is being held hostage, this can cost from $200 to $30,000 per incident. This strategy comes with its own risks because organizations have to trust that a cybercriminal will decrypt the files and not execute another attack in the future. In addition to money out of their pocket, small businesses can expect substantial damage to their reputation as the local and national media frequently write stories on ransomware attacks of all shapes and sizes.

How to Protect Your Business From Ransomware

The good news is that you actually don’t need a hefty security budget and dedicated security team to combat ransomware. Here are four best practices to protect your system from ransomware:

Email Safety Training

Phishing attacks via email are one of the most common ways ransomware gets in, so it’s a good idea to educate your company about the basics of email safety and phishing. Attackers are upping their game here, creating emails that are exact replicas of real emails, but laden with ransomware. Programs and products that teach your company to spot the differences are the first step to making ransomware a non-event.

Proactively Manage Cybercriminals

Small businesses often adopt perimeter-based cybersecurity strategies that leave data vulnerable when a hacker inevitably gains entry into the network. While businesses should still have the right tools in place to try to keep cybercriminals out, they also need a plan for when a breach occurs.

The reality is that, at some point, people will click malicious links or open strange attachments and malware will get in. This is why it is important that small businesses have security technologies in place that let them proactively manage cybercriminals and prevent ransomware from encrypting files.

Pack Your Own Parachute: Backups

You need to be able to ensure that if an attacker does try to hold your data ransom, you can continue business as usual. There are many options for backups, but the most important thing is to do it regularly (ideally daily) and follow the Rule of Three:

  1. Have three copies of all important data
  2. Keep copies in two formats (for example, local hard drive + Dropbox)
  3. Store at least one copy offsite (yes, in the cloud counts)
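
As an added illustration (not part of the original article), the Rule of Three can be checked automatically against a list of the copies you hold. The inventory rows, dataset names and timestamps below are constructed, and counting only copies less than a day old is this example's reading of "ideally daily".

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample inventory, one row per copy (working copy included):
# (dataset, medium/format, stored offsite?, time the copy was taken)
T_OK, T_OLD = "2024-05-02T01:00", "2024-04-20T01:00"
INVENTORY = [
    ("finance", "local-disk", False, T_OK),
    ("finance", "nas", False, T_OK),
    ("finance", "cloud", True, T_OK),
    ("customer-db", "local-disk", False, T_OK),
    ("customer-db", "local-disk", False, T_OK),
    ("customer-db", "cloud", True, T_OLD),   # offsite copy exists but is stale
    ("designs", "local-disk", False, T_OK),
    ("designs", "usb-drive", False, T_OK),
    ("designs", "nas", False, T_OK),         # three copies, all in the office
]
NOW = datetime(2024, 5, 2, 9, 0)  # constructed "current time" for the sample


def audit(inventory, now, max_age=timedelta(days=1)):
    """Return {dataset: [violations]}; an empty list means the rule is met."""
    fresh = defaultdict(list)
    for dataset, medium, offsite, taken in inventory:
        fresh[dataset]  # register the dataset even if every copy is stale
        # A stale copy restores stale data, so it does not count toward the rule.
        if now - datetime.fromisoformat(taken) <= max_age:
            fresh[dataset].append((medium, offsite))
    report = {}
    for dataset, copies in fresh.items():
        problems = []
        if len(copies) < 3:
            problems.append("fewer than three copies")
        if len({medium for medium, _ in copies}) < 2:
            problems.append("fewer than two formats")
        if not any(offsite for _, offsite in copies):
            problems.append("no offsite copy")
        report[dataset] = problems
    return report


if __name__ == "__main__":
    for dataset, problems in audit(INVENTORY, NOW).items():
        print(f"{dataset}: {'OK' if not problems else '; '.join(problems)}")
```

In the sample, the stale cloud copy of `customer-db` shows why freshness matters: on paper there are three copies with one offsite, but the only offsite copy is nearly two weeks old.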

The ransomware problem isn’t going away anytime soon. Cybersecurity researchers have found that cybercriminals are modifying their tactics and strategies to steal more money and information from small businesses. They are franchising ransomware kits and selling them on the Dark Web to amateur hackers, utilizing strong encryption to seize your files, and much more. With the right protections in place, however, small businesses can not only detect ransomware, but also investigate and eradicate threats—fast.

Todd O’Boyle is a co-founder and CTO at Strongarm, an Allied Minds company. Prior to Strongarm, Todd spent 15 years at The MITRE Corporation, providing technical support to the Department of Defense and the Intelligence Community. He also served as principal investigator for a project developing methods to improve how operators respond to adversaries. Todd researched software protections used by adversaries, approaches to discover malicious insiders, profiling network flow data to identify adversary activity, and computer forensics.