Everyone thinks that it couldn’t happen to them; their business is too small or too secure to be the target of a cyberattack. However, stories about businesses that are having their data held for ransom are on the rise and are probably under-reported.
Small businesses lose an average of 80K a year to cybercrime, according to the Better Business Bureau, and cybercrime will cost the global economy more than $2 trillion in 2019. As crazy as it all may sound, it is a very real risk and your business should be prepared.
What does a ransom attack look like? Usually the criminals will disable all devices connected to the internet or network and block all access to all files, data and email. A demand will be made for a certain amount of money to be able to get the encryption key to be able to unlock the devices. The goal of the ransom is to ask for an amount that your business can pay but that is not insignificant. By asking for a “reasonable” amount of money they are making it less likely for you to go to the authorities and risk losing all of your data, they want to incentivize your business to pay the ransom. Usually after you negotiate on terms you will get a digital “proof of life” – showing that by paying the ransom that the key they will give you will actually unlock your data. Once shown that the key works you will pay the full ransom and be given the key to be able to access your data again.
If all of this sounds like a financial nightmare – you’re right. During this entire process you’re not only losing out on the amount of money you pay in a ransom but every day your data is locked you are paying all of the costs of running a business without any ability to be productive. This is how the cost of this kind of attack goes far beyond the ransom demand.
The first step is getting insurance coverage for an attack. If paying a ransom for tens of thousands of dollars or more could put you out of business or your business is reliant on data you should strongly consider getting insurance coverage for an attack. By getting coverage you have access to money to pay a random demand and they usually will work with cybersecurity firms who have experience navigating these kinds of attacks on a regular basis.
Additionally, you should have a cybersecurity strategy for your business. There is no thing as being 100% secure, but you should do what you can to reduce your vulnerability. This article by GetApp does a great job breaking down cybersecurity applications, their features, and other technical considerations that you must keep in mind when choosing and implementing security solutions. I would recommend looking through this article and making sure that your business is fortified against threats coming from email, internet usage, networks, apps and other systems.