October is cybersecurity awareness month and that begs the question:
Does your small business need to be concerned about cybercrime generally, and a ransomware attack specifically?
Yes. 100% yes.
Ransomware is a growing menace, often targeting small business, and its effects can be devastating. Consider these sobering statistics:
- Cybercrime cost the global economy almost a trillion dollars last year. Much of that came from losses due to ransomware
- There has been a 300% increase in ransomware attacks in the last year alone
- 60% of all cybercrime is now directed at small business
Here’s what you need to know:
Exactly what is ransomware? Ransomware is a type of computer malware that infects systems by blocking access to the computer until a ransom is paid.
Specifically, an unsuspecting computer user will be lured into either opening a corrupt email attachment or clicking on an infected website link, thereby installing corrupting encryption software on the individual computer or system. Once operational, the malware locks down the computer and a picture like this appears on the screen:
What happens then? Once the encryption software has infected the host computer, a countdown clock starts ticking. Instructions state that the user has, say, 72 hours to pay a ransom or all of the encrypted files on the computer will be deleted.
In most cases, the amount of the ransom is not astronomical – something like $500 – $1,000 is typical. The idea is that the owner of the locked-down computer will often decide the easiest course of action is in fact to simply pay the ransom.
What are your options? Once your computers have been infected with ransomware, you essentially have three options*:
1. Pay the ransom: As indicated, this is often seen as – and often is – the path of least resistance. The way it hopefully works is that the computer user pays the ransom and the cybercriminals then send a “key” to unlock the computer/system.
In all likelihood the word “hopefully” just jumped out at you, and for good reason. These are bad guys after all. They may send the decryption key, and they may not.
2. Attempt to remove the malware: The idea here is to hire a cybersecurity expert to get rid of the infected software. (Typically, this is not something you can do without expert help.)
3. Do nothing and recover your files: If you have an online backup of your data as you should, then the final option would be to wait, have the creeps delete your hard drive, and then start over with your backup files.
No, not a pleasant thought.
How can you protect your business from ransomware? There are several precautionary steps you can take to help keep yourself and your small business safe*:
First, be sure to install an Internet security software program on your computer system. The best these days are cloud-based systems that monitor your computer in real time.
Next, you need to do a deeper dive into how ransomware is spread and teach your staff about safe computing processes and procedures.
Finally, get insured! Should the worst occur, you will be very happy if you have the proper type of cybersecurity protection insurance. For example, Allstate Business Insurance offers a variety of cyber-focused protection products to help protect businesses in a virtual world. Specifically, Allstate CyberSuite* offers the broadest amount of protection due to a cyber event, including
- Data compromise
- Cyber extortion
- Identity recovery
- Network security liability
- Computer attack
- Computer fraud
Of course, neither losing your data nor paying a ransom is an attractive option and that is why taking ransomware seriously and instituting some precautionary measures is your best course of action. Do that.
* Coverages are subject to state availability and qualifications and may vary by state. All claims for coverage are subject to applicable state and territory laws, policy terms, conditions and exclusions. Coverages are subject to state availability and qualifications and may vary by state. All claims for coverage are subject to applicable state and territory laws, policy terms, conditions and exclusions.