Columns and Blogs

Technology Tip
Dave Pelland has extensive experience covering the business use of technology, networking and communications tools by companies of all sizes. Dave's editorial and corporate experience includes more than 10 years editing an electronic technology and communications industry newsletter for a global professional services firm.

Managing Small Business Ransomware Threats

Managing Small Business Ransomware Threats

The most common and fastest-growing cyber security threat facing companies of all sizes today is ransomware, a form of malicious software that has victimized businesses, non-profits and even state, local and federal governments.

While there are several variations, ransomware shares the characteristic of entering a company’s network and encrypting data files so the company can’t access its own documents and records. The hackers then issue a ransom demand, typically payable in cryptocurrency, with a promise to provide a decryption key that restores access to the compromised files.

Although any organization can be targeted, small businesses are vulnerable to ransomware threats because they’re less likely to have a dedicated IT team, and are more likely to defer security-related updates to their devices and network.

Despite this challenge, however, there are steps that small businesses can take to reduce the risk from ransomware and to be better prepared should they be attacked.

Costly Hack

A ransomware attack can be expensive for victimized companies. Ransom demands (which law enforcement officials recommend against paying) vary from hundreds to thousands of dollars, with no guarantee that your data will be accessible again.

Ransom aside, companies will also face the cost of IT pros who try to recover or restore the locked data, as well as lost revenue and employee productivity if the company isn’t able to operate while its data is compromised.

Use Email Carefully

As with most cyber security threats, the most common way ransomware comes into a small business is via an email attachment that an unsuspecting user clicks to launch the installation program.

To reduce this risk, employees should receive training about the dangers of opening attachments from senders they don’t know, and the company should consider installing email security software that blocks attachments from unknown sources.

Back Up Regularly

Online backups are another critical defense against ransomware attacks. If you can’t recover data that’s been locked, a recent backup will allow you to either erase (or replace) any infected devices and restore good data to the now-clean hardware. While buying new equipment can be a sudden, unbudgeted expense, new IT gear will likely cost less than paying ransom if a company has reliable backups for its important data.

A Stronger Firewall

Companies should talk with their IT provider about installing a next-generation firewall that will examine data more carefully as it enters their network. Traditional firewalls verify the routing information and content descriptions that data packets provide, but don’t compare that information to the actual packets.

A next-generation firewall, in contrast, will compare the contents of each data packet to known malware threats and block any from entering your network. Your systems will still be vulnerable to newly emerging threats, but the overall risk is reduced.

Stay Updated

It’s also vital to make sure your security software and device operating systems are kept current. Many updates are issued in response to the discovery of security vulnerabilities in software, and it’s often a race between when a security flaw is discovered and when users can update their software to mitigate the risk from the flaw.

The risk is heightened because automated hacking tools search for known vulnerabilities, meaning your danger increases the longer you put off installing a software update.

By paying attention to updates and taking active measures to protect yourself, you can reduce your small business’ vulnerability to ransomware threats.


Read other technology articles