Ransomware is Targeting Small Businesses. Protect Yourself!

on October 16, 2017

Pay up or kiss your most important documents goodbye. Yes, that’s the threat posed by “ransomware,” a computer crime that’s on the rise. 

What is Ransomware?

First a quick definition. The ominous term “ransomware” comes from the mashup of “ransom” and “malware.”

“Malware” is short for “malicious software,” which users unwittingly load onto their computer by visiting an infected site or clicking a link. Ransomware is malware gone even worse. The malware will encrypt the files on your computer, and then the person or organization that infiltrated your system will demand a “ransom,” usually paid in digital currency. The perpetrators claim that once you send the funds, they will send the “key” that will allow you to decrypt your files.

Ransomware has made headlines this summer, most recently with the global Petya outbreak, which affected systems in at least 65 countries.

Protecting Your Systems from Ransomware and Other Intrusive Cybercrimes

Whether you’re trying to protect against malware, ransomware, spyware, phishing or any other online threat, cybersecurity is a vital topic for every small business owner. Don’t assume you are immune, warns Stephen Cobb, a senior security researcher at antivirus software company ESET. “Small businesses fall into hackers’ cybersecurity ‘sweet spot.’ They have more digital assets to target than an individual consumer, but less security than a larger enterprise,” he says. In fact, one report found that half of all small- and medium-sized businesses had been the target of an attack in 2016.

Here are some ways to protect yourself and your data:

1. Install anti-virus software

Antivirus isn’t a cure-all but it should still be your first line of defense. Choose a well-rated system and then make sure it’s up to date and installed on every machine in your enterprise.

2. Warn employees never to click on suspicious links

According to the 2016 Malwarebytes-Osterman Research survey, nearly half of attacks originated from email, either when someone opened an attachment or clicked a malicious link contained in the message itself. It’s easy for even the savviest professional to be lured into unwittingly clicking a link, especially when quickly processing multiple emails.

Tim Bandos, director of cybersecurity at Digital Guardian, says that even in the midst of a busy day, he’ll pause for a moment to ask himself a series of questions before clicking:

  • Do I know the sender?
  • Do I really need to open that file or go to that link?
  • Did I really order something from this or that company?

“Phishing is a common entrance vector for ransomware and because most end users never think twice, it’s extremely successful,” he notes.

3. Insist on strong passwords

What makes a password “bad”? It’s easy to guess. Hard as it is to believe, “123456” and “password” are still the worst offenders, and have been for years. One of the best ways to make your password more secure is to make it longer, rather than more complex, says Mark Burnett, author of Perfect Passwords. By that he means at least 12 to 15 characters long. “Usually all it takes is a password that is just two characters longer to make up for a lack of other types of characters such as upper-case [letters], numbers or symbols,” he says.

4. Back up your files

One solution is to use a company that specializes in backup, either an online vendor or a Disaster-Recovery-as-a-Service (DRaaS) vendor, recommends Philip Casesa, product development strategist at ISC2, a global not-for-profit organization that certifies security professionals.

“You need a robust backup process where you can roll back a few days [to before the ransomware infection], and restore local and server apps and data,” he says.
