As a small business, you worry about all those things that every small business worries about – sales, growth, cashflow and performance. Small businesses are integral parts of the economy, with both local and national governments recognising this.
In recent months, you may well have seen increased warnings from organisations such as GCHQ’s National Cyber Security Centre, fuelled by wider geo-political events, about how you should be more “cyber aware” and take steps to increase your Cybersecurity.
Business owners nowadays have had to become tech-savvy, at least to some extent. Maybe you’ve got a website, some social media “channels”, a hosted e-commerce website, or maybe not. You’ve more than likely got some element of your business online, even if it’s just your laptop or smartphone full of information.
Work doesn’t stop and, as you are rightly focusing on your business and delivering results, perhaps you are not focusing on Cybersecurity.
This is the reason Ransomware awareness and Cybersecurity are important, and why you are already a target.
As a small business owner, you own the risk, so it’s your business to understand some of this risk. This article is to help you understand a little more about one of the key threats, Ransomware.
So, what is Ransomware?
Ransomware is a form of cyberattack that targets your devices, such as laptops and phones, and makes them unusable.
The “hacker” will gain control of your device, encrypting your precious data. As the name suggests, for a ransom, you can have your device and data usable again. The cost of the ransom alone is typically in excess of £10,000 and this is only the payment to the “hacker”, to say nothing of loss of custom, intellectual property or reputation.
We know that knowledge is power and, nowadays, knowledge is also data. Within your business you have lots of data.
This is data relating to your customers, your suppliers and yourself. Maybe you store names, addresses, orders, supplier information, sales data, bank account details and other sensitive information? All of this represents a goldmine of information that can be sold off at a profit, or held for ransom from you, until you pay or lose your data or system forever.
How does it work?
Typically, a Ransomware attack will start with a “phishing” email or, recently, a text message. This is a cleverly written, genuine-looking email or message from an apparently trusted source that will try to trick you into either providing sensitive data (allowing a hacker to log in as you) or infecting your device with “malware”.
Either way, the “hacker” can gain access to your device. From this point, the infection unpacks itself, and will scan the technology in your business, potentially infecting further connected devices. The next step is where the damage happens.
Your data can be stolen or transferred elsewhere and, worryingly, encrypted. Once it’s encrypted, you’re locked out of your system and asked to pay a ransom. If the ransom is not paid, you may well not be able to regain control of your data or your systems.
Ask yourself, if you were locked out of your systems, for a day, a week, could you continue in business?
This is exactly the situation that many small businesses have found themselves in, with some experts projecting that a Ransomware Attack takes place against a business every 11 seconds.
Smaller businesses tend to have a lack of understanding of cybersecurity, which is understandable – it’s a difficult field. Due to this lack of understanding, many of the possible levels of cyber-defence are not present.
This fact is known to “the bad guys” and used to their advantage.
I’m a small business, so how do I defend myself?
Last year, Venture House had an excellent 9-step guide on their blog that covered a number of key guidelines. Take a look at this guide and explore further as necessary.
As with any kind of challenge, Ransomware defence requires you to consider the three elements of People, Processes and Technology.
Is there a culture of security within your business? Are you and your team trained and able with respect to cybersecurity risk? Are you aware of the challenges and how an attack may take place?
- Get support with this. The National Cyber Security Centre offers a range of excellent free on-line training: https://www.ncsc.gov.uk/blog-post/ncsc-cyber-security-training-for-staff-now-available
- Subscribe to the National Cyber Security Centre’s weekly threat alert, which will email you the latest threats to be aware of.
Does your small business follow well defined best-practices that can greatly reduce the chance of a successful attack?
- This is difficult for a small business to know about. But there are a few simple processes you can follow, such as keeping your devices updated, backing up your data and regularly changing passwords.
- A password “vault” keeps your passwords safe, and can also generate safe passwords for you. Some products, such as Norton 360, include this (as well as Anti-Virus); other vaults include Keeper Password Manager and Zoho Vault.
Have you tested these processes, including how to restore back-up data?
- If you haven’t, the best way to start is to first understand whether you have back-ups. Nowadays, tools such as Google Drive will store your files, and paid alternatives that come with products such as Norton 360 can really help you here.
- Keep regular back-ups away from your laptop or device itself (commonly referred to as offsite).
Would you be able to recover from a Ransomware attack even if you have paid?
- Try to decide how you’d respond, just as you would if you had a break-in at your house. Come up with a small plan on how to respond, speaking with cyber experts or perhaps your IT provider if you have one.
Do you know what technology you have and what risk that poses to your business? Are those devices secured, patched and protected?
- Keep a record of the devices you have on your home or office WiFi. Each one of these presents a potential risk. This can include your laptop, smartphone, Smart TV, games consoles and tablets.
- When a software patch or operating system patch is available (such as an iOS upgrade on Apple devices), make sure it is applied.
- Don’t just click “apply patch later” when software reminders come up! Keep your devices safe!
It is highly recommended in all cases that, as a small business, you follow this excellent guide from the National Cyber Security Centre:
Additionally, the West Midlands Cyber Resilience Centre exists to help businesses bolster their cyber defences. Using a combination of police officers and cyber talent, the Cyber Resilience Centre for the West Midlands supports and helps protect small businesses, SMEs, supply chain businesses and third sector organisations in the region against cyber crime.
We are a Cybersecurity firm with a mission to help small and medium businesses secure their business. We will take you through our audit procedure to establish the level of risk exposure you have. We will work with you to understand that risk and then, for each area of risk, work with you on remediation areas. We have a local presence in Stratford-upon-Avon and focus on doing what is right for you and your business. If you’d like a chat to discuss the security of your business, please contact Dominic O’Reirdan at firstname.lastname@example.org or on 07761 380866.