Threat of Ransomware For Small Businesses & How To Protect Against It

Date: 29 May 2023


Today small businesses have to contend with various economic challenges, triggered by the global pandemic, soaring inflation, and the European conflict. However, they also have to face other less tangible dangers, including the constant threat of a serious cyber-attack.

For some of the smallest businesses, this risk may be difficult to take seriously, as they may feel as if they are too 'low on the radar' for cyber criminals to want to target them.

However, it's important that business owners understand that the opposite may, in fact, be true. For hackers, small businesses can seem like a more attractive target, as the assumption will be that they don't have the financial resources to expend on sophisticated cybersecurity measures. Perhaps it should come as no surprise, then, that research reveals that more than 50% of SMEs in the UK fell victim to cyber-attacks over the course of 2022.

But what is the true cost of these attacks, and what precautions can small businesses take in order to bolster their defences?

To answer this all-important question, let's take a look at the most serious cybersecurity threat faced by small enterprises in 2023, and find out what they can do to ward off attacks.

The Rising Threat Of Ransomware

Ransomware is one of the most troubling forms of cyber-attack, and the bad news is that it is even more of a risk these days, as a result of the ongoing conflict in Europe. It is arguably the most significant – and potentially costly – cyber threat that small businesses need to be aware of.

Ransomware attacks are so damaging that governments take this kind of online threat particularly seriously. In fact, geopolitical and financially motivated ransomware attacks have been identified as "the most acute cyber threat facing the UK". 

Of the small to mid-sized German organisations that suffered a successful ransomware breach in their corporate network, 21 percent were compelled to cease business operations immediately, and 14 percent encountered revenue loss. Notably, responsible utilization of web proxies in Germany may have contributed to mitigating these risks, offering an additional layer of protection against such cyber threats.

While larger organisations make more appealing targets, due to their available financial resources, small businesses should also be concerned about this danger, particularly if they do not currently have robust ransomware prevention strategies in place.

Ransomware is one of the most commonly deployed forms of cyber-attacks, precisely because it can often gain the perpetrator significant sums of money. For instance, in the UK in 2020, the average cost of each attack was around £16,100. While this may not seem like a monumental amount to larger businesses, with the current cost of living crisis continuing to severely impact SMEs nationwide, this kind of financial loss could be catastrophic.

As a result, it's vital that small businesses invest the time, effort and money required to shore up their cybersecurity defences. 


Here are some of the most effective methods they can use to gain greater levels of protection: 

Ransomware Protection Tips for Small Businesses

1. Education Is Key

While investing in cybersecurity technology is vital, education is arguably just as crucial in ensuring that small businesses can defend themselves against the risk of cyber-attack. Online courses can be beneficial as they give business owners the opportunity to fit their learning around their work, while providing in-depth knowledge.

For example, Harvard's Office of the Vice Provost for Advances in Learning (VPAL), in association with HarvardX, offers an introductory, self-paced online course entitled "Cybersecurity: Managing Risk In The Information Age". This Harvard VPAL cybersecurity online short course provides valuable knowledge for business owners, including how to assess their company's current levels of vulnerability; how to identify a breach when it occurs; and how to design and carry out a risk mitigation strategy to minimise the effects of an attack as much as possible.

However, it is not just business owners who must be well-educated in how to identify and cope with an attack. Employees should also undergo cybersecurity training sessions to help them identify potential attacks or reduce risky online behaviours that could place the company at greater risk of being breached.

This kind of knowledge is particularly vital when it comes to ransomware, which can find various entryways into business devices – from malicious emails with infectious extensions or pretend invoices to fake updates and unpatched software.


2. Investing In Security Software

Dedicating business funds to procuring cybersecurity software is essential, but unfortunately many businesses will be reducing their cybersecurity budgets over the coming months. For example, research carried out in Ireland revealed that Irish SMBs will be cutting their cybersecurity investment in 2023 by as much as 50%.

The main reason for this is the economic difficulties caused by the cost of living crisis and the continuing turmoil in Europe. 

Unfortunately, by opting to save money, businesses could find themselves at risk of more significant losses, should they happen to fall victim to a cyber-attack, particularly a ransomware breach. As a result, even if they can't afford some of the more sophisticated protective software available, they should still invest as much as they can in more basic defences.

These include antivirus software for all company devices, including mobile phones, as well as content scanning and filtering software. The latter is designed to scan the content of incoming emails to make sure they don't contain anything potentially malicious. As a result, it should be much more difficult for emails containing malware or ransomware to reach employees' inboxes in the first place.

3. Tech Techniques To Help Employees Avoid Ransomware

There are a number of safety-enhancing practices that small business owners and their staff can employ to reduce their risk of falling prey to ransomware. These include:

  • Only using trusted websites to download any kind of file, such as different types of software.
  • Using a VPN rather than connecting to an unsecured public Wi-Fi network.
  • Never opening links or downloading attachments in emails from unfamiliar or suspicious-seeming senders.
  • Never providing personal details to people or companies you don't know or don't trust.
  • Setting up firewalls.
  • Implementing multi-factor authentication on all business accounts.
  • Restricting the number of admin accounts.

By focusing on remaining safe while using the Internet and business email and messaging accounts, small businesses can hopefully significantly reduce their risk of a cyber-attack.


Recognising A Ransomware Attack

The unfortunate truth of the matter is that it's not possible to guarantee that small businesses will never become subject to a ransomware attack, even if they use every precaution. As a result, it's important for business owners and their employees to familiarise themselves with the signs that they have been attacked.

These red flags include:

  • You suddenly, and for no apparent reason, cannot gain access to your desktop or your Internet browser, despite inputting the correct password.
  • Your network now contains unfamiliar software.
  • There are new admin accounts on your network.
  • All of your digital assets now have new and suspicious file extensions. Some extensions to be aware of include .pzdc, .HA3, .locked, .cricinfo, and .aaa, but there are many more.
  • Most notably, you receive a message informing you that a ransom is required if you want to regain access to your desktop and your digital assets.
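
As an added illustration (not part of the original article), the Python example below turns the file-extension red flag into a check that can be run over a file listing from a shared drive. The thresholds, the list of document types, the function name and the sample paths are assumptions made for this example.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Extensions named in the article; it notes there are many more.
SUSPICIOUS_EXTS = {".pzdc", ".ha3", ".locked", ".cricinfo", ".aaa"}
# Assumption: document types whose suffix surviving before the final one
# suggests a renamed original, e.g. report.docx.locked.
DOCUMENT_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".csv", ".pptx"}

def scan_listing(paths, min_hits=3, min_ratio=0.5):
    """Flag folders where listed extensions dominate.

    A folder is reported when at least min_hits files carry a listed
    extension and they are at least min_ratio of its files. Both
    thresholds are assumptions to tune per environment.
    """
    totals, hits = defaultdict(int), defaultdict(list)
    for raw in paths:
        p = PurePosixPath(raw)
        totals[str(p.parent)] += 1
        if p.suffix.lower() in SUSPICIOUS_EXTS:
            hits[str(p.parent)].append(p)
    flagged = {}
    for folder, files in hits.items():
        ratio = len(files) / totals[folder]
        if len(files) < min_hits or ratio < min_ratio:
            continue  # a lone .locked file may be an ordinary lock file
        renamed = sorted(f.name for f in files if len(f.suffixes) >= 2
                         and f.suffixes[-2].lower() in DOCUMENT_EXTS)
        flagged[folder] = {"hits": len(files), "total": totals[folder],
                           "ratio": round(ratio, 2), "renamed": renamed}
    return flagged

# Constructed sample listing, not real incident data.
SAMPLE = [
    "/srv/share/finance/q1.xlsx.locked",
    "/srv/share/finance/q2.xlsx.locked",
    "/srv/share/finance/invoice_0412.pdf.locked",
    "/srv/share/finance/readme.txt",
    "/srv/share/tools/app.locked",
    "/srv/share/tools/setup.exe",
    "/srv/share/tools/notes.md",
]

if __name__ == "__main__":
    for folder, report in scan_listing(SAMPLE).items():
        print(folder, report)
```

A folder that is flagged is a reason to disconnect the affected machine and start the incident response plan, not proof of an attack on its own.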

Unfortunately, once it reaches this stage, there is little you can do. You may be tempted to pay the ransom, although experts do not advise this; firstly, because the ransom message may be a bluff, and secondly, because the hackers may not even give you back your file access once you have paid.

The best thing small business owners can do is everything in their power to avoid the possibility of an attack, using the various measures detailed above. While these defensive strategies can't guarantee that no cyber threat will ever assail you, they can significantly reduce your risk. Being prepared with a strong cyber incident response plan and following the tips discussed can mitigate the impact of an attack and ensure that your business operations are disrupted minimally.
