AllBusiness.com
    • Starting a Business
    • Career
    • Sales & Marketing
    • AI
    • Finance & Fundraising
    • M & A
    • Tech
    • Business Resources
    • Business Directory
    1. Home»
    2. Technology»
    3. How to Protect Your Business Against Ransomware and Other Cyberattacks»
    ransomware cyberattack concept

    How to Protect Your Business Against Ransomware and Other Cyberattacks

    Michael Evans
    TechnologySecurity

    By Terry Ingram and Michael Evans

    In the first six months of 2019 alone, data breaches exposed more than 4.1 billion records. An average of 28% of small businesses suffer data breaches each year, and as many as 10% of those businesses are forced to close their doors in the aftermath of the breach.

    The cost of a data breach can have a substantial impact on companies of any size, and understanding the potential cost of that breach is critical for companies as they consider what cybersecurity measures they need to take to protect their businesses against ransomware and other cyberattacks.

    Financial cost of cybersecurity breaches

    When a cybersecurity breach occurs, the financial costs are the first concern of many businesses—and the costs of many of those types of attacks, including ransomware, have skyrocketed in recent years. According to cybersecurity firm OSIbeyond, ransomware attacks alone cost small organizations an average of $84,000. Larger organizations, or those hit harder in an attack, may face even higher costs. In many cases you may experience both immediate financial costs and ongoing financial costs as you work to restore your data and reestablish trust with your customers.

    Within the groups of people who speak about cybercrime, there are thousands of ongoing conversations about specific cases (Cybersecurity Ventures estimates that globally a ransomware attack occurs every 11 seconds). These discussions rarely make it to the news or the information dashboards of small and medium-sized business owners. However, occasionally a cybersecurity breach is so significant it makes headlines, such as was the case with the Colonial Pipeline ransomware attack. Were you ready if you lived in the Southeastern United States? People panicked and, depending on your locale, it likely had a real impact on your business—and your personal life—through energy curtailment.

    If you were a trade contractor and a key supplier came under attack, what would you do? It is almost impossible to be fully prepared for a cyberattack as it can be focused directly on your business or come via a supplier, a customer, or even your bank. We live in a connected economy linked via the internet, and hackers are professionals at attacking businesses small and large.

    The dangers of a ransomware attack

    There are three basic entry points where ransomware can interrupt your business operations: your technology connection with your customer, your own email system, and your technology connection with your vendors. If you have customer-facing web servers for your e-commerce or VPN, you have a direct entry point through your customers to ransomware attacks. Second, ransomware can also arrive via spam email with attached Word or Excel files or remote desktop protocol (RDP) brute force attacks. Third, there are firms in your supply chain who, due to their lack of attention, may suddenly become unable to supply or properly reconcile with you due to a ransomware attack on their systems.

    More articles by AllBusiness.com:

    • Targeting Phishing Attacks: Security Best Practices to Protect Your Business
    • Are You at Risk From a Cyberattack? Here’s Why Your Business Needs a Cybersecurity Plan
    • 7 Cybersecurity Strategies to Prevent Ransomware Attacks and Account Takeovers
    • The Cybersecurity Tech Startup Defending Against Identity Fraud
    • Data Privacy and Cybersecurity Issues in Mergers and Acquisitions: A Due Diligence Checklist to Assess Risk

    Frequently, a ransomware attack goes beyond locking down your data through encryption in place. More often, the ransomware extracts the data and stores it in pirate cloud servers, then further adds to the data from other sources (legal and illegal), then resells it to criminal groups who bid on these data blocks. You might imagine your payment and banking data residing on vendors’ servers and subsequent further sales of your financial data to other criminal parties. It is worrisome to envision all your customers’ sensitive data posted on the internet somewhere.

    Until relatively recently, one might believe that simply being disciplined with regular software updates, patches, and the latest anti-virus software would adequately protect your business against ransomware and other threats. That is until December 2020 when, while the world was focused on other things, we learned about a new source of infection by third-party suppliers. Security experts discovered a highly sophisticated cyber intrusion that leveraged commercial system management software. Advanced persistent threat (APT) actors inserted a backdoor into the SolarWinds application during vendor development, which meant that installing the product to defend and manage against technology service interruption in fact created the ability for disruption by threat actors.

    The persistent threat of ransomware and other cyberattacks is a clear and present danger to our trade, commerce, financial, and government systems. What can the owner of a small or midsize business do to mitigate risk?

    1. Protect your points of entry

    Website security and intrusion, email, user clicks, and malware (by many means, including insider threat) all represent risk. Ensure your IT team, whether they are internal or external to your organization, takes security seriously. Provide employees with ongoing and active training on data security best practices, such as changing passwords frequently, being aware of spam and hacking practices, checking sender emails for the validity of the sender, and never opening an attachment unless you are expecting it.

    2. Discuss cyberthreats with vendors

    Your company is your responsibility and protecting it sometimes requires you to have uncomfortable conversations with business partners. Ask your vendors about their cybersecurity protocols and have them brief you about how they protect your data and what the plan is in the event of a cyberattack. In addition, be sure you have a backup plan should your primary vendors be unable to operate normally.

    3. Publicly discuss cybersecurity

    No doubt your firm has safety procedures in place but educating your employees on how to be on the lookout for spam, hacking, and ransomware is critical. Be active with your local, state, and federal political lawmakers and representative leaders regarding cybersecurity legislation. And if you are compromised by a cyberattack, always contact the FBI—it is the first question your cyber insurer will ask you if you get hacked.

    To protect your business, be prepared

    Our digital networks link us all together, but they also make us vulnerable to bad actors from anywhere across the globe. Prepare your business for the possibility of cybercrime like you would prepare against any other disaster or unexpected event.

    RELATED: How to Protect Your Small Business From Today’s Cybersecurity Threats

    Terry J. Ingram is a Partner at Newport, LLC, as a corporate adviser in global expansion, repatriation of products and services, chaired in acquisitions and turnarounds with a keen focus in revenue growth, critical path engineering, and sales. Reach him via email at terry.ingram@newportllc.com.

    Hot Stories

    Woman listening one of the top 10 songs of all time

    The Top 10 Songs of All Time According to AI

    A couple attending a Broadway musical

    The Top 10 Broadway Musicals of All Time According to AI

    Profile: Michael Evans

    Michael L. Evans is Managing Director and Chief Financial Officer for the Newport, LLC, a partnership of board directors and senior executive leaders with deep knowledge of business strategy, operations, and capital markets. Previous to Newport, Michael had been with Ernst & Young. During his 34 years with the firm, he served as a tax, audit, and consulting services partner, specializing in real estate companies and publicly traded entities. Michael is a frequent writer on business topics and has authored two books. He can be reached at (415) 990-1844 or via email at michael.evans@NewportLLC.com.

    BizBuySell
    logo
    AllBusiness.com is a premier business website dedicated to providing entrepreneurs, business owners, and business professionals with articles, insights, actionable advice,
    and cutting-edge guides and resources. Covering a wide range of topics, from starting a business, fundraising, sales and marketing, and leadership, to emerging AI
    technologies and industry trends, AllBusiness.com empowers professionals with the knowledge they need to succeed.
    About UsContact UsExpert AuthorsGuest PostEmail NewsletterAdvertiseCookiesIntellectual PropertyTerms of UsePrivacy Policy
    Copyright © AliBusiness.com All Rights Reserved.
    logo
    • Experts
      • Latest Expert Articles
      • Expert Bios
      • Become an Expert
      • Become a Contributor
    • Starting a Business
      • Home-Based Business
      • Online Business
      • Franchising
      • Buying a Business
      • Selling a Business
      • Starting a Business
    • AI
    • Sales & Marketing
      • Advertising, Marketing & PR
      • Customer Service
      • E-Commerce
      • Pricing and Merchandising
      • Sales
      • Content Marketing
      • Search Engine Marketing
      • Search Engine Optimization
      • Social Media
    • Finance & Fundraising
      • Angel and Venture Funding
      • Accounting and Budgeting
      • Business Planning
      • Financing & Credit
      • Insurance & Risk Management
      • Legal
      • Taxes
      • Personal Finance
    • Technology
      • Apps
      • Cloud Computing
      • Hardware
      • Internet
      • Mobile
      • Security
      • Software
      • SOHO & Home Businesses
      • Office Technology
    • Career
      • Company Culture
      • Compensation & Benefits
      • Employee Evaluations
      • Health & Safety
      • Hiring & Firing
      • Women in Business
      • Outsourcing
      • Your Career
      • Operations
      • Mergers and Acquisitions
    • Operations
    • Mergers & Acquisitions
    • Business Resources
      • AI Dictionary
      • Forms and Agreements
      • Guides
      • Company Profiles
        • Business Directory
        • Create a Profile
        • Sample Profile
      • Business Terms Dictionary
      • Personal Finance Dictionary
      • Slideshows
      • Entrepreneur Profiles
      • Product Reviews
      • Video
    • About Us
      • Create Company Profile
      • Advertise
      • Email Newsletter
      • Contact Us
      • About Us
      • Terms of Use
      • Contribute Content
      • Intellectual Property
      • Privacy
      • Cookies