Summary: It’s a common misconception that small businesses aren’t typical victims of cyber attacks or data breaches. In this article, we’ll discuss a particularly damaging type of malware known as ransomware, and what small and mid-sized businesses can do to protect themselves from these types of cybersecurity attacks. Small and mid-sized businesses account for
90% of companies worldwide, and they employ over 50% of the global population. These businesses play a critical role in the economy, but they can also be prime targets for
hackers and cybercriminals.
Data shows that small to medium-sized businesses were the victims of
71% of ransomware attacks. These attacks may have occurred because many smaller companies typically spend less on cybersecurity measures than larger corporations, making them easy subjects for hackers.
What is Ransomware?
Ransomware, or ransom malware, is a type of malicious software designed to block access to a computer system and/or the data residing on that system until a sum of money (or ransom) is paid, or some other action is completed. Cybercriminals often use this file-encrypting malware to go after specific targets who can pay the largest ransom possible, but this is not always the case. As mentioned previously, small to mid-sized businesses are likely targets because they usually have smaller security teams. Hackers also will target organizations like government agencies, healthcare facilities and financial institutions that store sensitive data because they may be willing to pay up quickly to restore access to their files. According to the Federal Trade Commission, some ransom demands issued to small businesses have been
as high as $100,000.
Ransomware locks a company's files, basically holding them hostage by making data, documents and files inaccessible without a decryption key. The files are still on the device, but without paying the ransom within a specified timeframe, the organization faces losing access to them forever.
According to Norton, some common ransomware examples include:
- Lock screen or screen lockers: Locker ransomware makes it impossible to access any files or applications on your device. Users will see a full-screen message that prevents them from accessing data on their PC.
- Encryption ransomware: Also known as crypto-malware, this type of ransomware modifies files so users cannot open them. There is no guarantee that paying the ransom or completing the required action will allow access to the PC or files again.
- Scareware: Scareware is an example of ransomware that acts like virus protection. Users will see a pop-up message saying their files are at risk with a demand for payment to fix the issue. Scareware may lock the computer or flood the screen with alerts and pop up messages.
- RaaS: Also known as "Ransomware as a Service," RaaS malware is hosted by an anonymous hacker who handles distributing the ransomware, collecting payments and managing decryptors in exchange for a cut of the ransom.
- Doxware: More people are storing sensitive, personal information on their computers and mobile devices these days, and doxware threatens to share that data with the internet unless they receive the ransom requested.
Ransomware Protection for Small Businesses
IT security has to be a priority for businesses of all sizes. Companies should not only understand
how to prevent cyberattacks like ransomware, but they should also create a
data breach response plan, so the steps to take in the event of a breach are spelled out in a straightforward manner. Here are a few things small and mid-sized businesses can do to help protect themselves from cyber attacks like ransomware.
Upgrade to the most recent operating system version
As operating systems update, new versions can include patches or firewalls for potential security issues that could make a business vulnerable to ransomware.
Provide regular cybersecurity training to employees
Human error causes 52% of data breaches. Staff should receive ongoing
cybersecurity training to understand the organization's security policies and the risks associated with a breach. Employees should understand the basics, like not opening emails and attachments from unknown senders and how to recognize fake websites and email addresses, which often contain misspellings.
Keep security software updated
Many cybersecurity software programs offer real-time protection from malware attacks like ransomware. Use a trusted security suite and update it regularly, as new threats continuously pop up for both businesses and consumers.
Backup data regularly
While this may take businesses considerable time and effort, the importance of backing up information cannot be stressed enough. Consider utilizing a cloud service that incorporates high-level encryption and multiple-factor authentication. At the very least, files can be saved to USB or external hard drives – as long as they are disconnected from the device, as they can also be susceptible to ransomware.
Purchase insurance coverage that covers ransomware
Cyber insurance can protect businesses from a range of cyberattacks, including ransomware. Every year, organizations, both large and small, are victims of data breaches, and every employer faces the fact that they could be the target of a network security breach. Cyber liability coverage helps protect businesses of all sizes from the financial damage incurred from cyber attacks and data breaches.
Cyber Insurance from AmTrust Financial
AmTrust Financial offers
cyber insurance to help protect small businesses from some of the costs associated with ransomware as well as a variety of other cybersecurity attacks. AmTrust also offers access to best-in-class third-party cybersecurity vendors that provide proactive cybersecurity services aimed at preventing these attacks from occuring in the first place. AmTrust is committed to evolving our coverage as new cyber threats emerge for our customers. To learn more about our cyber liability insurance policies, please
contact us today.
This material is for informational purposes only and is not legal or business advice. Neither AmTrust Financial Services, Inc. nor any of its subsidiaries or affiliates represents or warrants that the information contained herein is appropriate or suitable for any specific business or legal purpose. Readers seeking resolution of specific questions should consult their business and/or legal advisors. Coverages may vary by location. Contact your local RSM for more information.