In a nutshell: Ransomware can endanger your small- or medium-sized business. Take these precautions to protect yourself.
Imagine arriving at work one morning, turning on your computer and discovering all your organization’s data is being held for ransom. That’s a very real risk for small- and medium-sized businesses today as ransomware — malicious software that encrypts data and then demands the owner pay a fee to release it — proliferates around the globe.
While ransomware has been around for a while, it received major attention recently when the WannaCry cyberattack affected computers in 150 countries. When large organizations are attacked, they often have the financial and technical resources to rebound. Small- and medium-sized organizations, on the other hand, are often in danger of losing data and productivity and of being left with frozen systems.
What’s at Stake
Software company Malwarebytes commissioned a survey of more than 1,000 small- and medium-sized organizations in June 2017. The results were eye-opening: While the ransom amounts usually aren’t large — half reported that they were asked to pay $1,000 or less — the real cost came from the temporary inability to conduct business, as 1 in 6 organizations had 25-plus hours of downtime from a ransomware attack. Thirty-five percent of survey respondents said they had already been victims of ransomware. Additionally, 22 percent said they had to put operations on hold as a result.
Upgrade and Update Your Operating System
The WannaCry exploit was so successful because it mostly infected computers running Windows XP, a 16-year-old operating system that Microsoft no longer supports or updates. By comparison, newer operating systems, such as Windows 10, receive a constant flow of updates to respond proactively to new security threats.
Small- and medium-sized businesses may be reluctant to upgrade their operating systems — after all, the system often works correctly, hasn’t presented any problems in the past, and the organization might be using proprietary software or programs that haven’t been updated to run on newer versions of the system. However, running an operating system still supported by the manufacturer is critical today, as only supported programs receive patches to respond to new security threats. Upgrading an operating system can often bring about extra expenses, not just to purchase a new system and any programs that run on the new version, but to train employees to use the upgraded software. However, overlooking the importance of upgrades can expose your business to ransomware and other computer-based threats.
Beware Suspicious Files
Malicious software, including ransomware, often sneaks onto your computer system by pretending to be something else. Nearly every kind of file, including Microsoft Office files, can contain harmful code that can propagate itself to the entire computer system. Malicious websites, including fake news sites, can try to trick people into downloading harmful programs.
The best protection against harmful files is to never open them. Train your employees to be very wary of suspicious files, even if they come from people they know and trust. After all, a sender’s computers could have been compromised!
Employees should be suspicious of any file they’re sent, especially if it’s an executable file (such as a program) or a Microsoft Office file that contains a macro. IBM’s Ransomware Response Guide says nearly every kind of file can potentially be infected, including images (.jpg, .png and others), Adobe PDF files (.pdf) and text files (.txt, .rtf and others).
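The two file types singled out above can be recognized from a file's content rather than its name, which matters when a file pretends to be something else. The following is an added example, not part of the original article; the labels, function names and sample attachments are hypothetical and constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
HOLD = {"executable", "office-with-macro", "legacy-office", "malformed-archive"}

def classify(data: bytes) -> str:
    """Label a file by its content; the name and extension are ignored."""
    if data[:2] == b"MZ" or data[:4] == b"\x7fELF":
        return "executable"  # Windows PE or Linux ELF program
    if data[:8] == OLE_MAGIC:
        return "legacy-office"  # old binary format; macros cannot be ruled out here
    if data[:4] == b"PK\x03\x04":  # ZIP container, used by .docx/.xlsx/.pptx
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                parts = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "malformed-archive"
        if any(p.endswith("vbaproject.bin") for p in parts):
            return "office-with-macro"  # VBA project part is present
        if "[content_types].xml" in parts:
            return "office-no-macro"  # no VBA part; not a guarantee of safety
        return "archive"
    return "other"

def hold_for_review(data: bytes) -> bool:
    """True when the attachment should be held instead of delivered."""
    return classify(data) in HOLD

def _zip(parts: dict) -> bytes:
    """Build an in-memory ZIP; used only to construct the sample files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, body in parts.items():
            zf.writestr(path, body)
    return buf.getvalue()

# Constructed sample attachments (not real files from any incident).
SAMPLES = {
    "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 60,  # program posing as a PDF
    "report.docx": _zip({"[Content_Types].xml": b"<Types/>", "word/vbaProject.bin": b"\x00"}),
    "notes.docx": _zip({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w/>"}),
    "readme.txt": b"Quarterly figures attached.\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {classify(data)} hold={hold_for_review(data)}")
```

A file labelled "office-no-macro" or "other" has only passed these two checks; it still deserves the caution described above.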
If your computers are infected with ransomware, sometimes the best course of action is to wipe all your computers and restore them with a recent backup. However, this only works if you’re backing up your computers frequently. For a very small business using just a handful of computers, the built-in backup programs on Microsoft Windows or Apple macOS might suffice. If you have many computers, you might want to check out a cloud-based backup option.