What do you think is the biggest technology threat to your business?
The answer is ransomware.
In this blog, I will explain exactly what ransomware is, why you should be concerned and what you can do to protect yourself and your business.
NHS Ransomware Attack
Ransomware hit national headlines in the UK in 2017, when the NHS IT system was hit by a ransomware attack. It caused absolute mayhem with an estimated 19000 appointments getting cancelled.
The estimated cost to the NHS of the ransomware attack was £92 million.
It’s no surprise that ransomware is on the rise. You can teach yourself how to create your own ransomware on YouTube and then make a commission for spreading it around. It’s so easy that even teenagers are doing it.
How does Ransomware work? What is it and why does it pose a huge risk to your business?
Ransomware is a type of malware that, once installed on your computer system, will encrypt all of the data. Once your data is encrypted, you won’t be able to access anything. Your files, folders and applications will all be encrypted and unavailable to you.
But the cyber criminals do offer you the opportunity to get your data back; you’ve just got to pay a ransom.
These ransoms aren’t small sums of money either, with the average sum requested approx £8000.
Make no mistake about it, Ransomware is making cyber criminals very wealthy. They know how much you need your data and how much you’d be willing to pay to get it back.
But when you run a business, these ransom costs are the least of your worries.
If your IT is affected by ransomware, you could face days or weeks of IT downtime. Could your business survive weeks of IT downtime?
You could face a huge bill to get your IT back to where it was before the attack.
In addition to all of this, you could lose customers and face a crushing blow to your business reputation.
Beliefs of SMEs
I talk to the owners of small businesses on a regular basis and I am sometimes concerned about the beliefs that they have around Cyber Security.
Lots of business owners think that their businesses are too small to be a target for cyber criminals; they think that the real targets are the big businesses and institutions like the NHS.
This is wrong.
It’s estimated that over 70% of ransomware attacks target SMEs.
Cyber criminals will target anyone who is vulnerable. In my experience, the IT setup of most small businesses is so poor that they’re sitting ducks. It’s not a case of if they’ll be the victim of a cyber attack, but when.
Are you really protected?
Now, you might be sitting reading this blog feeling quite relaxed.
Maybe your business uses anti-virus software on all of the computers?
Unfortunately, many people who reported getting hit with ransomware also confirmed that they were using anti-virus software.
Or perhaps you’ve just bought a new expensive firewall?
There is no one bit of technology that will protect your business. If there was, we’d all be buying it and I wouldn’t have to write this blog!
Traditional cyber security solutions like anti-virus are no match for the sophisticated cyber attacks of today.
How do you get Ransomware?
So how does ransomware get into your business?
Again, there is no single route into your business for cyber criminals. There are lots of routes.
The common way that ransomware gets into your business is through phishing emails sent to your team. These are emails designed to get people to click on the links. Once you click on the link, the ransomware is installed on your computer.
But then there are a whole host of other factors that could contribute to ransomware spreading through your business.
Most people in businesses aren’t cyber security trained. They don’t know what to look out for. So when they get a phishing email, they think it’s real and click on the links.
Lots of people use weak passwords. Easy for them to remember, but easy for hackers to crack.
Then, lots of IT networks are poorly maintained. A poorly maintained network is always going to be vulnerable to attacks.
If you add all of these factors in, a small business could be sat with many vulnerabilities.
How can you protect your business?
So what is the answer?
As I mentioned earlier, there isn’t one single bit of advice I can give you.
Protecting your business against ransomware involves lots of different techniques and strategies, all working together.
For me, the easiest way to look at protecting your business is to try two different approaches. The first is to try and prevent a cyber attack and the second is to get your business in a place where it could recover from a cyber attack.
Cyber Security is like a Jigsaw
I talked earlier about not relying on a single bit of hardware, like a firewall, or a particular bit of software, like antivirus software, although it’s important to remember that these still play a part.
For me, cyber security protection is a little bit like a jigsaw puzzle.
You need lots of different pieces to complete the puzzle. Each of these pieces is a process or technology that will help protect you.
Each missing piece represents a potential ‘way in’ for cyber criminals.
Some of the Pieces:
- You need a good firewall in your office to protect your network.
- You also need modern-day security software installed on all of your devices.
- You will need robust email filtering to try and prevent phishing attacks from even reaching your staff.
- But, you also need to train your staff to make sure that they’re cyber aware. So, if they do get a phishing email, they know what they’re looking for.
- You need a solid IT maintenance plan with a reputable IT provider to make sure all of your systems are kept up to date with the latest security patches.
- You should all use secure passwords to access your computers and cloud applications.
- You should improve password security by using two-factor authentication on all of your applications.
All these strategies will form the basis of a reliable and secure network.
Recover from a Ransomware Attack
But even if you employ all of these strategies, this won’t guarantee your immunity to ransomware attacks. It will lower the chances of you getting hit, but nobody is completely secure.
You have to be prepared in case the worst thing happens.
There are two main recommendations I have to ensure you can recover quickly and easily.
The best way you can recover is to have a solid backup and business continuity plan in place.
My IT company, Integral IT, recommends Datto for your business. With their business continuity solutions, we can ensure that our clients can get back up and running quickly in the event of a ransomware attack.
My second bit of advice is to ensure that you have adequate cyber security insurance. This is so important today, but lots of small businesses don’t have the right insurance in place to help them stay afloat in the event of an attack.
The world of cyber security can seem like a daunting place. But it doesn’t have to be that way.
There are lots of cost-effective strategies that a business of any size can implement to help combat cyber attacks.