Ransomware attacks are continuing to rise, which means that if you’re an SMB it’s another thing to add to your already growing cybersecurity checklist. Although ransomware attacks tend to get the headlines when they hit larger corporations or governments, it’s actually small business owners who are more frequently hit.
There are many and varied ways ransomware gangs, such as the infamous LockBit, C10p and Black Cat to name but three, use to infiltrate SMBs and much of that is down to many making themselves relatively easy targets for attack. SMBs with 200 or less employees are often prime targets, usually because they’re working to tight budgets.
However, it’s not just about the money, because SMBs can also have a tendency to overlook the obvious with many business owners not having a cybersecurity strategy in place. This can lead to a lack of awareness of the risks for employees, which is just the sort of lax environment that can allow ransomware attacks to appear, as if out of nowhere.
What to do about it?
Spotting the weaknesses in the everyday working architecture of an SMB is a vital part of identifying any potential problems. With SMB security budgets being a fraction of what they are at large companies, and with IT departments often being stretched too, it’s vital to carry out an evaluation. Picking through procedures and what steps have been taken to lock down a company as best as possible is vital.
For example, educating employees and getting IT staff to implement the use of strong passwords is a given, along with getting them updated and changed on a regular basis. Password management tools can be useful if it’s a business with a fully stretched IT department. Implementing two-factor authentication (2FA) is relatively easy to do too and can help secure your business still further, as is ensuring system patches are updated as soon as they become available.
Spotting software weaknesses
SMB owners are often under pressure in lots of areas, so not keeping software and systems up to date can be a frequent area of weakness. Similarly, neglecting to have a full backup strategy in place can be a costly oversight, which also gives ransomware hackers lots more scope for carrying out their threats. Even if your SMB is relatively modest, the threat from ransomware attacks and hackers should lever be underestimated.
It's not just about the software and systems though. Ensuring your employees are full conversant in the way programs work and how to keep an eye out for potential ransomware threats is also another important part of the cybersecurity puzzle. This tends to be exacerbated if the SMB makes regular use of remote or hybrid works, along with complimenting staff quotas with contractors and freelance workers.
Remaining vigilant
Another big headache for SMBs and the wider business community is just how much the threat of ransomware attacks continues to grow and, at the same time evolve too. With ransomware groups on the increase, techniques are morphing too with the likes of ransomware-as-a-service now being made available to cybercriminals via the dark web. This effectively allows an easy access route for cybercriminals to simply purchase the tools and information they need to get started,
On top of that, there are potentially rich pickings in store for anyone want to exploit the weaknesses in the security setup of an unprepared SMB. Hackers who have managed to secure company data from a smaller business is much more likely to be able to squeeze a ransom from them. Many SMBs make use of the likes of the file sharing apps, accounting and payroll software, which if it isn’t sufficiently well set up to protect data can offer hackers with endless opportunities.
Ongoing protection
SMBs therefore must keep on top of their cybersecurity strategy in order to be ready for any potential attacks, not only now but in the future too. Anyone who hasn’t audited their security measures recently would be well advised to do it as soon as possible. There are plenty of preventative measures that can be implemented relatively easily and, thanks to a wealth of options out there, cybersecurity software is relatively affordable.
However, it is well worth spending as much as your business can afford on a security solution to work alongside better employee awareness to the threats from ransomware. In fact, having diligent employees can make a huge difference to keeping things as locked down as possible. In that respect it’s a very good idea to have regular training session updates in order to educate staff of any new or evolving threats, particularly when it comes to the likes of phishing emails, which plague many if not all company inboxes.
If ransomware strikes
Even if you’re the world’s most diligent SMB owner, with all of the safeguards in place and staff that go the extra mile when it comes to keep an eye out for threats, an attack is always possible. Advice offered by most in the know if your SMB does get compromised by a ransomware attack is to not make any payments. While it might be possible to negotiate with a ransomware group it’s not encouraged.
Equally though, if you haven’t been smart and taken the steps in advance to keep company data as safe and secure as possible, it might be the only option. Which is a stark reminder of just how important it is to lockdown your company and it’s data as soon as possible. Spending money of good quality preventative measures such as software and systems sooner rather than later could turn out to be the best investment your SMB will ever make.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Rob Clymo has been a tech journalist for more years than he can actually remember, having started out in the wacky world of print magazines before discovering the power of the internet. Since he's been all-digital he has run the Innovation channel during a few years at Microsoft as well as turning out regular news, reviews, features and other content for the likes of TechRadar, TechRadar Pro, Tom's Guide, Fit&Well, Gizmodo, Shortlist, Automotive Interiors World, Automotive Testing Technology International, Future of Transportation and Electric & Hybrid Vehicle Technology International. In the rare moments he's not working he's usually out and about on one of numerous e-bikes in his collection.