Ransomware attacks on small businesses – how can you prepare?

Ransomware attacks, where hackers take control of your data and systems and demand a ransom, are surging in Australia. Although the ransomware attacks that make the news headlines are those affecting major brands, small businesses are also suffering under the onslaught. Ransomware attacks on small businesses often succeed because these businesses often don’t know the risks and are ill-prepared to handle them. Read on to see the steps you can take to prepare your small business to defend against ransomware attacks.

Step 1: Get informed and train staff

A business is most vulnerable when management and staff are unaware of cybersecurity risks and how to guard against them. Cybercriminals often rely on employees within a business to inadvertently download their viruses and malware giving them access and control. This vulnerability can be strengthened by ensuring that all staff with access to the computers of a business are educated about cyberattack risks and know how to follow the best practices in cybersecurity.

Step 2: Use a multilayered cybersecurity strategy

There are many security tools that can protect against ransomware attacks on small businesses but it would be a mistake to only rely on a few of them. This is because cybercriminals can use a very wide range of strategies to harm your computer. A tool which works well against a certain type of cyberattack may not protect you against different types. A multilayered approach is also important because there is an ongoing arms race between hackers and the developers of cybersecurity software. Hackers may find a way to breach one layer of your cybersecurity defence, but if you have multiple layers you may still be protected. See below for examples of important cybersecurity tools.

Step 3: Install cybersecurity tools

There are a variety of different tools that can increase the cybersecurity of your small business. Below are some of the most important.

• Spam filters: most emails sent in the world are spam emails. Spam emails pose a threat to a business as a vector for viruses and malware. Spam filters will identify these and remove them from your employees inboxes, preventing anyone from opening them.
• Web filters: this will prevent you or your staff from accessing websites that are high cybersecurity risks.
• Antivirus software: this can scan for known viruses in data packages.
• Anti-malware software: this can help identify whether software is harmful and safely destroy it if it is.
• Data encryption: this makes your data unreadable to those without your encryption algorithm.
• Data backup and rollback: this means having secure cloud storage of data and also mechanisms for returning to a safe configuration in the invent of malware installation.
• Network monitoring and analysis: This allows IT staff to see what is going on on the company network and to identify, analyse and deal with incoming threats at the time they occur.

Step 4: Stay updated

Cybersecurity is an arms race. The only way to win the race is to keep your computing software and cybersecurity tools updated. Many will have automatic updates, but it is up to you to make sure that this is occurring and to intervene manually if needed.

Step 5: Restrict access

If fewer people have access to your systems and data then there will be fewer avenues of attack by ransomware. The best practice is to minimise access; people should only have access to the data and controls that they actually need for their work. When this is in place, even if a hacker gains access to a staff member’s account, the damage that they will be able to do will be limited to the areas the staff member has access to.

Step 6: Get cyber insurance

Although there is a great deal of protection that can be gained from following the above 5 steps, the reality is that ransomware attacks are still regularly breaking through the security of even very large businesses. Ransomware attacks on small businesses are more numerous because small businesses are so often unprepared. When a successful attack occurs, businesses face massive costs. Ransomware poses a big threat to a small business because small businesses often cannot sustain a large loss and remain in business. Such costs can be crippling unless the business has adequate cyber liability insurance.

Cyber liability insurance can protect you, your clients and other affected parties from losses due to ransomware attacks. These losses can include:

• The loss of revenue from business interruption
• The cost of hiring negotiators and paying ransom
• Recovering or replacing your records and data
• Liability from data breaches of third party data leading to breach of privacy
• Defence of legal claims
• Investigation by a Government regulator
• Crisis management and monitoring
• Prevention of further attacks

Insure with GSK Insurance Brokers

At GSK insurance Brokers we understand well the risks that small businesses face. For over forty years we have helped businesses get the right insurance at the right price and we’d love to help you too. We have put together a range of flexible insurance packages for small and medium Australian business which can be further tailored for your specific requirements. As a part of these insurance packages we include Cyber Liability Insurance to help protect you from ransomware and other cyberattacks. Safeguard what you have worked so hard to build with insurance for your small business, contact us today!