Ransomware: What Business Owners Need to Know

Websites that offer free programs like PDF readers, photo editors, and video players are likely to host ransomware.

Businesses lose billions of dollars each year to ransomware – a form of cybercrime that can also rob them of precious time and data.

Ransomware is on the rise and increasingly puts small and midsized enterprises in its crosshairs. Let’s look at what ransomware is, the threat it presents, and how small businesses can protect themselves.

Ransomware Defined

Ransomware is a type of malicious software, or malware, that may be inadvertently downloaded by anybody in your company or introduced through vulnerabilities in common computer applications. Ransomware crawls through your computer system, searching for sensitive information and encrypting files so you can’t access them. The criminals then demand a fee in exchange for giving you back control of your files. They may try to extort additional money from you if they’ve found consumer data like credit card numbers that could be sold to other scammers. Often, victims will never recover their data even if they pay the ransom.

Experts have specified three primary vectors that ransomware spreads through. In a phishing attack, the criminal sends a message or email aiming to deceive the recipient into downloading an attached file or following a hyperlink. In a software attack, the scammer hacks into commonly used programs or disguises malware as a legitimate program. In a Remote Desktop Protocol (RDP) attack, cyberthieves get access to a computer by taking advantage of security weaknesses in RDP programs, which are increasingly used by telecommuters.

A Widespread Danger

Ransomware is a form of cybercrime that offers a big reward for a relatively small risk, because high-level malware code and anonymized forms of payment like cryptocurrency allow many perpetrators to evade enforcement.

It’s often impossible to fight ransomware once it’s in your computer system. Thus, many businesses have been forced to pay outrageous ransom fees to avoid losing their files permanently. And if the number of ransomware complaints have grown, it’s nothing compared to the increase in demanded fees, which frequently run to six figures. Of course, the total cost to companies is even higher, because these numbers don’t include losses in revenue and productivity or the longer-term consequences of data losses or exposure.

Why Small Businesses Are at Risk

Typically, individuals aren’t willing to pay an enormous ransom to get files back on their personal computer. For this reason, scammers are more likely to go after small and midsized businesses that have important files and data that they might spend good money to protect. Meanwhile, unlike large corporations, these entities might lack the kinds of sophisticated security systems that could foil malware or expose the criminals behind it. In addition to private businesses, frequently targeted organizations include schools, hospitals, police departments, and municipal agencies.

Defending Your Enterprise

Because you may not be able to control whether a criminal will attempt a ransomware attack on your company, it’s essential to protect your computer systems, train your staff, and follow best practices that will lower the chance that such an attempt will result in a disastrous loss. Here are 12 tips you can use to safeguard your business from ransomware:

1. Use strong passwords: If you’re still using passwords or device passcodes like “1234,” change them to something much harder to crack. You can use a free online tool to find out how secure different character combinations are.
2. Set up multifactor authentication: This method brings password protection to another level by requiring users to enter a PIN or otherwise confirm their identity on a separate device (like their phone) before they’re able to log into your server remotely.
3. Don’t download unexpected attachments: If an email attachment or hyperlink looks suspicious for any reason, don’t click on it. If the message appears to come from someone you know, you can always ask them to confirm that it’s legitimate.
4. Protect your network: Set up a firewall – a security device that monitors traffic on your network and blocks unauthorized users from gaining access to your data. You can hire specialized firms to put these systems in place.
5. Get software from trusted sources: Don’t download programs from no-name websites. Sites that offer free programs like PDF readers, photo editors, and video players are likely to host ransomware. Go directly to a known company’s site.
6. Keep programs up to date: Turn on automatic updates for your operating systems and antivirus and anti-malware software and make sure that you regularly look for and install the latest security patches for your internet browsers, browser plug-ins, and frequently used software.
7. Secure your remote workers: The increase in telecommuting has led to a proliferation of Remote Desktop Protocol (RDP) attacks. Implement multifactor authentication for anyone who logs into your server and systems from afar.
8. Be careful with public Wi-Fi: Many public spaces like airports and coffee shops offer Wi-Fi, which can be convenient for getting last-minute work done. But using these networks without a virtual private network (VPN) is an invitation to hackers.
9. Turn off Bluetooth: Bluetooth is a great way to connect wireless devices – but leaving it on when you’re not actively using it creates a back door for hackers. Make a habit of disabling Bluetooth on your computer as soon as you take off your headphones.
10. Don’t leave devices unattended: Good security isn’t just about having the latest high-tech tools. You also need to make sure you’re not leaving your laptop, phone, or tablet where someone outside your organization could access or steal it.
11. Back everything up frequently: If, despite your best efforts, you do fall victim to a ransomware attack, having a recent backup of all your files is your last defense. You’ll be able to wipe all your machines clean and get back to work without delay.
12. Train your employees: These cybersecurity tips work only if everyone in your organization knows and implements them. Make sure all your employees know that defeating ransomware and other forms of cybercrime is always a team effort.

Content is for informational purposes only and is not intended to provide legal or financial advice. The views and opinions expressed do not necessarily represent the views and opinions of WesBanco.

While we hope you find this content useful, it is only intended to serve as a starting point. Your next step is to speak with a qualified, licensed professional who can provide advice tailored to your individual circumstances. Nothing in this article, nor in any associated resources, should be construed as financial or legal advice. Furthermore, while we have made good faith efforts to ensure that the information presented was correct as of the date the content was prepared, we are unable to guarantee that it remains accurate today.

Neither Strategy Academy nor its sponsoring partners make any warranties or representations as to the accuracy, applicability, completeness, or suitability for any particular purpose of the information contained herein. Strategy Academy and its sponsoring partners expressly disclaim any liability arising from the use or misuse of these materials and, by visiting this site, you agree to release Strategy Academy and its sponsoring partners from any such liability. Do not rely upon the information provided in this content when making decisions regarding financial or legal matters without first consulting with a qualified, licensed professional.