How to Protect Your Small Business from a Ransomware Attack
Dan Levenson April 18, 2017
On the morning of February 5, 2016, a worker at Hollywood Presbyterian Medical Center (HPMC) opened a suspicious-looking email. Later, he tried to access a patient’s records on his computer, but couldn’t. He went to his manager, who tried to help, but nothing seemed to work.
Soon, other workers experienced the same problem. Within hours, CEO Allen Stefanek received the dreaded call: Hackers had infected the Medical Center’s computer system with ransomware. They demanded Hollywood Presbyterian pay 40 Bitcoin, or $17,000 in ransom. For 10 days, the company refused to pay—10 strife-filled days without computer access.
Eventually, they paid the money. Stefanek talked to reporters, stating:
“The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”
Small Businesses Are Under Attack
Hollywood Presbyterian could take some small comfort in knowing it was not alone. Small businesses (27.9 million of them in the United States, 99.7% of all companies) were the target of 43% of cyberattacks in 2015, up from just 18% five years earlier.
The attacks aren’t limited to desktop computers; as cybercriminals become more sophisticated, they’re attacking smartphones, smart watches, and even smart televisions.
What Can Small Businesses Do to Protect Themselves?
Ransomware generally arrives in one of two ways: (1) by email, as an attachment or as a link to a download; or (2) through the browser, when a malicious or compromised website exploits an unpatched browser or plugin (a "drive-by download"). Small businesses need to prepare for both.
Here are 4 steps you can take to protect your small business from a ransomware attack:
1. Back up Your Files
Having a robust backup for your files gives you an alternative to paying expensive ransom to cybercriminals. As Philip Casesa, Product Development Strategist for ISC2 explains:
“You have to have some sort of backup, a real backup solution of the assets you’ve determined are essential to your business. Real-time backup or file sync will just back up your encrypted files. You need a robust backup process where you can roll back a few days [to before the ransomware infection], and restore local and server apps and data.”
Because ransomware encrypts whatever it can reach, including mapped network shares and any backup drive that stays connected, the best strategy is a “tiered or distributed backup solution”: several copies of the backup kept in different locations and on different media, with at least one copy offline or otherwise not writable from the machines being backed up. Test a restore periodically; a backup that has never been restored is an assumption, not a plan.
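The two points above (keep several days of history, and do not let a sync overwrite the good copies with encrypted ones) can be built into the backup job itself. The script below is an added example written for this article, not a tool the article or its sources describe: it takes dated full copies of a folder, prunes the oldest copies past a retention count, and refuses to prune anything when the newest copy looks like the aftermath of mass encryption (most known files vanished, typically renamed, or were rewritten with high-entropy content). The thresholds, file names and the "shared" folder are constructed for the demonstration.

```python
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

# Tuning knobs: assumed values for this example, not figures from the article.
SAMPLE_BYTES = 4096      # bytes read per file for the entropy check
HIGH_ENTROPY = 7.5       # bits/byte; text and office documents sit well below this
ALARM_FRACTION = 0.5     # alarm if this share of known files vanished or look encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted (or compressed) data scores close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path) -> bool:
    with path.open("rb") as fh:
        return shannon_entropy(fh.read(SAMPLE_BYTES)) > HIGH_ENTROPY


def files_in(root: Path) -> dict:
    return {p.relative_to(root): p for p in root.rglob("*") if p.is_file()}


def suspicious_change(prev: Path, curr: Path) -> float:
    """Fraction of files from the previous snapshot that are now missing (renamed,
    e.g. to *.locked) or rewritten with encrypted-looking content."""
    before, after = files_in(prev), files_in(curr)
    if not before:
        return 0.0
    flagged = 0
    for rel, old in before.items():
        new = after.get(rel)
        if new is None:
            flagged += 1
        elif new.read_bytes() != old.read_bytes() and looks_encrypted(new):
            flagged += 1
    return flagged / len(before)


def prune(dest_root: Path, keep: int) -> list:
    """Delete the oldest snapshots beyond `keep`; ISO-date names sort chronologically."""
    names = sorted(p.name for p in dest_root.iterdir() if p.is_dir())
    doomed = names[:-keep] if len(names) > keep else []
    for name in doomed:
        shutil.rmtree(dest_root / name)
    return doomed


def run_backup(src: Path, dest_root: Path, label: str, keep: int) -> dict:
    """Copy `src` to dest_root/label, then prune old copies only if the new copy
    does not look like the result of mass encryption."""
    dest_root.mkdir(parents=True, exist_ok=True)
    previous = sorted(p for p in dest_root.iterdir() if p.is_dir())
    new = dest_root / label
    shutil.copytree(src, new)
    changed = suspicious_change(previous[-1], new) if previous else 0.0
    if changed >= ALARM_FRACTION:
        # Keep every older snapshot: those are the clean copies you will restore from.
        return {"snapshot": label, "alarm": True, "changed": changed, "pruned": []}
    return {"snapshot": label, "alarm": False, "changed": changed,
            "pruned": prune(dest_root, keep)}


def demo() -> dict:
    """Constructed scenario: three clean nightly runs with a two-day retention,
    then a run after ransomware has rewritten and renamed every document."""
    work = Path(tempfile.mkdtemp())
    src, dest = work / "shared", work / "backups"
    src.mkdir()
    for i in range(20):
        (src / f"invoice-{i:03d}.txt").write_text(f"Invoice {i}\nAmount due: 100.00\n" * 40)

    clean = [run_backup(src, dest, day, keep=2)
             for day in ("2017-04-15", "2017-04-16", "2017-04-17")]

    # Simulated attack: every file replaced with random bytes and renamed *.locked.
    for p in list(src.iterdir()):
        p.write_bytes(os.urandom(2048))
        p.rename(p.parent / (p.name + ".locked"))
    (src / "HOW_TO_DECRYPT.txt").write_text("Send 40 BTC to get your files back.\n")

    attack = run_backup(src, dest, "2017-04-18", keep=2)
    remaining = sorted(p.name for p in dest.iterdir())
    shutil.rmtree(work)
    return {"clean": clean, "attack": attack, "remaining": remaining}


if __name__ == "__main__":
    print(demo())
```

In the scenario the third clean run prunes the oldest copy as expected, while the run taken after the attack keeps all three earlier copies because every known file is now missing or encrypted. A real job would write the copies to media the workstation cannot modify and alert a human when the alarm fires; the entropy check is a heuristic, so treat an alarm as "stop pruning and look", not as proof of infection.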
2. Educate Your Employees
Most ransomware arrives by email, either as a link in the message or as an attachment. Train employees not to open attachments or follow links in email they were not expecting, even when the sender appears to be someone they know: a sender address is trivially forged, and attackers routinely impersonate colleagues and suppliers. A document that asks the reader to “enable macros” or “enable content” should be treated as malicious.
According to McAfee, you should train employees to be especially suspicious of email subject lines which invite them to connect on LinkedIn, claim to be an “important communication,” or say “mail delivery failed.”
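The same indicators employees are told to watch for can be checked by a mail gateway before a message reaches an inbox. The rule set below is an added example written for this article, not a McAfee product or anything the article describes: the subject-line patterns are the three lures quoted above, and the attachment checks (executable and script types, macro-enabled Office files, decoy double extensions such as `invoice.pdf.exe`) are this example's own additions. The sample messages are constructed.

```python
import re
from dataclasses import dataclass, field

# Subject-line lures McAfee singled out, as quoted in the article.
LURE_PATTERNS = [
    ("linkedin-invite", re.compile(
        r"\b(connect|invitation)\b.*\blinkedin\b|\blinkedin\b.*\b(connect|invitation)\b", re.I)),
    ("important-communication", re.compile(r"\bimportant communication\b", re.I)),
    ("bounce-lure", re.compile(r"\bmail delivery failed\b", re.I)),
]

# Attachment heuristics are this example's own assumptions, not from the article.
EXECUTABLE_EXT = {"exe", "scr", "com", "pif", "js", "jse", "vbs", "wsf",
                  "hta", "bat", "cmd", "ps1", "jar", "lnk"}
MACRO_EXT = {"docm", "xlsm", "pptm", "dotm"}
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


@dataclass
class Message:
    sender: str
    subject: str
    attachments: list = field(default_factory=list)


def attachment_findings(filename: str) -> list:
    """Flag attachment names that commonly carry ransomware droppers."""
    parts = filename.strip().lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    findings = []
    if ext in EXECUTABLE_EXT:
        findings.append(f"executable attachment: {filename}")
        # "invoice.pdf.exe" or "scan.pdf        .exe": a decoy extension before the real one
        decoy = parts[-2].strip() if len(parts) > 2 else ""
        if decoy in DECOY_EXT:
            findings.append(f"double extension: {filename}")
    elif ext in MACRO_EXT:
        findings.append(f"macro-enabled document: {filename}")
    return findings


def triage(msg: Message) -> tuple:
    """Return ('quarantine', reasons) if any indicator fires, else ('deliver', [])."""
    reasons = [f"subject lure: {label}"
               for label, pat in LURE_PATTERNS if pat.search(msg.subject)]
    for att in msg.attachments:
        reasons.extend(attachment_findings(att))
    return ("quarantine" if reasons else "deliver"), reasons


# Constructed sample traffic for the demonstration.
SAMPLES = [
    Message("noreply@example.invalid", "You have a new LinkedIn invitation to connect"),
    Message("billing@example.invalid", "IMPORTANT COMMUNICATION", ["Invoice_4471.pdf.js"]),
    Message("mailer-daemon@example.invalid", "Mail delivery failed: returning message", ["msg.zip"]),
    Message("payroll@example.invalid", "Payroll update", ["payroll.xlsm"]),
    Message("cfo@example.invalid", "Re: Q2 budget", ["budget-q2.xlsx"]),
]


def triage_all(messages=SAMPLES) -> list:
    return [(m.subject, *triage(m)) for m in messages]


if __name__ == "__main__":
    for subject, verdict, reasons in triage_all():
        print(f"{verdict:10} {subject!r} {reasons}")
```

Note what the last two samples show: a macro-enabled workbook is quarantined even with an innocuous subject, while an ordinary `.xlsx` from a plausible sender is delivered. A real gateway would also inspect inside archives (the `msg.zip` above is only caught because of its subject) and would pair these rules with attachment sandboxing; name-based checks alone are a first filter, not a complete defence.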
You can educate your employees by hosting training seminars run by security professionals, or more informally (and less expensively) through a series of lunches in which your IT people lead a group discussion.
3. Centralize Security
Small businesses in which each computer runs its own, separately managed antivirus are most at risk: signature updates lapse, alerts go unseen, and nobody can tell which machine was infected first. According to Casesa, moving to a managed endpoint security solution, in which IT maintains security for the entire business from a central console, dramatically increases the effectiveness of antivirus and anti-malware software.
4. Don’t Pay the Criminals
There’s a good reason the federal government has a policy of never paying terrorists to free hostages—it tells them their strategy worked and encourages them to take more hostages in the future.
The same principle applies to cybercriminals. When you pay, you’re telling criminals that you’re a ripe target for a subsequent attack (you’ve become, in marketing parlance, “a qualified lead”) and encouraging them to attack other businesses. Paying also buys no guarantee: the decryption key may never arrive, or the decryptor may fail on some of your files.
Does Insurance Cover Ransomware Attacks?
Small businesses can buy insurance that covers ransomware attacks, but should work closely with their insurer to design the best policy. Some cyberattack policies don’t cover ransomware, and some that do carry deductibles so high that paying the ransom looks like the cheaper option.
The good news is that most cyberattack policies can be customized, so work closely with your insurance carrier to get the coverage that best fits your business at the best price.
The one thing small businesses shouldn’t do is bury their heads in the sand in the blind hope that they’ll be spared a ransomware attack. In business, the best policy is to hope for the best, but prepare for the worst.
Establish a security policy which assumes you will be a target. Take the appropriate steps to prevent such an attack, and to deal effectively with one if it does occur, and make sure you’re covered with a customized insurance policy.