How Small Businesses Can Protect Themselves from Ransomware

How Can Small Businesses Be Protected From Ransomware?

According to CNN tech, in 2017, malware and ransomware attacks have increased dramatically, and no industry is exempt. Moscow-based cybersecurity firm Group IB reported that victims worldwide are experiencing attacks. Multiple industries have been hit, including banking, transportation, energy — even snack and candy makers.

CSU Global asked faculty member Chris denHeijer, Ph.D, computer science and enterprise, to share his thoughts on how small businesses can protect themselves from costly, destructive malware attacks.

1. What data breach trends did you notice in 2016?Internet malware attacks are on the rise, and not just by lone hackers. Country-sponsored attacks on business are becoming common. The favored attack method is to send emails with payloads such as phishing gambits, malicious attachments, and links to infected webpages. As soon as a tainted email is opened, a company network is unknowingly compromised.  Called phishing, or spear phishing attacks, these emails usually appear to be from a friend or co-worker. According to Trend Micro, the number of new types of ransomware increased by 172 percent in 2016. One example is the attack on Hollywood Presbyterian Medical Center in California — their database was infected by malware that encrypted all patient data. Hollywood Presbyterian was forced to pay $17,000 to re-acquire their own data.
2. What should small-business owners be watchful for in the coming year?Businesses and organization of all sizes should look at their protocols for employee access to external websites and email. There may be a need to change to business cultures with limits to internet access.
3. How should a small-business owner think about cyber security?In 2016, I attended an infraGard briefing in Los Angeles. One speaker, an FBI agent, said “All companies have been hacked — whether they know it or not.” This insight was mirrored by Nicole Perlroth, cybersecurity editor of the New York Times. During her presentation at TechFest 2017, she said, “So many systems have been breached — everyone and their mother has been hacked.” Clearly, cybersecurity must be taken seriously.
4. How can a small-business owner prepare for an attack?Cybersecurity employee training is the first priority and the most inexpensive option. Education is the first line of defense in protecting company information and data. Every employee needs to know what to watch for, and how to respond to threats. Standard operating procedures must be in place so employees how to respond to suspicious emails, or notice anything unusual in their computer’s behavior.The vast majority of emails are not business related. It is crucial to filter spam before the it appears in employee inboxes. Inexpensive firewalls for small businesses are available that include email filters such as WatchGuard and SonicWALL.

More on ransomware:
http://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup