Ransomware attacks against businesses and incidents that compromise their e-mail systems are on the rise again. They are threatening organizations of all sizes — and may target yours.
Small businesses are particularly vulnerable to these types of attacks, as cyber criminals know that these firms typically have less sophisticated networks and protection. Accenture reported that nearly 43% of cyber attacks are on small businesses, yet only 14% of these firms are prepared for attacks.
Considering that the cost of a cyber attack on a small business can range from minor (less than $1,000) to enormous (more than $650,000), it’s important that your firm put in place safeguards to avoid having operations hampered or private data exposed by hackers.
- The average ransom demand is $5.3 million and the average payment is $100,000, according to a report by Zscaler.
- 40% of the attackers’ victims are in the U.S.
- A report from Verizon stated that half of all business e-mail compromise thefts cost more than $50,000.
- 19% of data breaches originate from within organizations, either accidentally or deliberately.
Attack methods keep changing
Cyber criminals are using more sophisticated methods to go after companies. Here are the new threats that employers must contend with:
- Encryptionless extortion attacks — These differ from traditional ransomware attacks, in which the criminals seize control of systems and refuse to release them until they receive ransom payments. In an encryptionless attack, they steal an organization’s data and hold it for ransom.
- Pretexting attacks — Also known as “social engineering,” in these attacks someone poses as a person known to an employee within the targeted organization. They know enough information to appear convincing. They request that the recipient perform a routine transaction, such as changing a bank account number for a vendor. The new bank account belongs to the attacker, not the vendor, and the money is gone before the truth is discovered.
What you can do
You can thwart the criminals by:
- Educating your employees — Regularly update your staff on new security protocols. The more your employees know about cyber attacks and how to protect your data, the safer your business will be. Send out regular reminders not to open attachments or click on links in e-mails from people they don’t know or expect.
- Implementing safe-password practices — Have employees use complicated passwords and change them every 60 to 90 days.
- Using robust security platforms and protocols — This includes installing web application firewalls and using secure payment gateways if you accept credit cards online. Your website hosting company should regularly patch security vulnerabilities, and you should ensure that all computers have antivirus software installed.
- Regularly backing up all data — That includes databases, financial files, human resources files, and accounts receivable and payable files.
Even with these protections in place, companies still can suffer an attack. If it’s a ransomware attack, your systems may be unusable until the ransom is paid.
Fortunately, cyber insurance can help pay for the associated costs, including:
- Recovering or replacing lost or stolen data
- Investigating the incident
- Notifying regulators and customers of a breach
- Income lost due to a breach
- Extortion payments
- Legal damages
- Lawsuit and regulatory action defense
- Fines, fees or penalties (coverage not available in all states)
- Crisis and public relations management.
VMA has partnered with Cowbell Cyber to get our members the best rates to protect their businesses from cyber attacks. Contact us by emailing firstname.lastname@example.org to find out how affordable these rates are.