Have you heard the myth that a small business is just too small to get hit by a ransomware attack? I know I have heard this once or twice before. You may also be thinking that ransoms are in the hundreds of thousands of dollars. Well, you are right, but because cybercriminals know this, not all ransoms are exorbitant. In fact, according to Malwarebytes, ransom payments have been seen anywhere from a few hundred dollars to a few thousand dollars. So that myth of being just too small is just that: a myth.

Researching the victims

Ransomware has changed over the years from just encrypting the victim's data to now stealing and reviewing the victim's data. This allows the cybercriminal to adjust the ransom they demand to something the victim could potentially afford to pay. This brings us back to our myth and why there are victims who pay only a few hundred to a few thousand dollars.

Cybersecurity musts

There are some preventative measures that all small businesses should have in place to protect themselves from falling victim to ransomware attacks.

  • Data backups: keep offsite & offline, verify for data integrity
  • Endpoint protection: more than antivirus, endpoint detection & response solutions
  • Remediation: have a plan, verify all ransomware infections are removed
  • Awareness and training: identifying threats and what employees should do

Having backups that are kept offsite and offline is a great way to protect business data from getting infected with ransomware. It is also a way to protect against natural disasters or facility incidents.

Antivirus solutions still play a role in protecting our devices, but endpoint protection and response solutions are a must. These solutions are more than a virus scanner: they constantly look for suspicious file behavior, automate actions to remediate or contain threats, and provide information on device health and incidents.

Having an incident response plan is crucial for all businesses. These plans will help guide a small business during an incredibly stressful time. Incident response plans should include important team members who will help remediate, a step-by-step guide on what to do during an incident, and actions to take afterwards to ensure the small business isn’t victimized by the same threat twice.

Lastly, awareness and training are critical. While technology solutions can prevent most cyberattacks as they come from outside of the business network, we humans can let the attacker right in. This can happen by falling for a phishing attack, a spoofed login page, or downloading malicious files, essentially opening the front door to the devices and data.

Myth no more

So next time you hear a small business is just too small for a ransomware attack or any cyberattack, you’ll know it is only a myth.
