Gene Marks, CPA and Small Business Advisor for Right Networks, shares three ways you prevent ransomware attacks on small businesses.
When you read about all the online security issues that both people and businesses face today, the list is long. Your devices are under attack, your assets are vulnerable, and your reputation is exposed. There remain viruses and malware that can shut you down without warning.
All of these threats are legitimate. But there’s one security threat that’s really important to address, and that’s ransomware attacks on small businesses. Ransomware is a money-maker for hackers which is why it’s so popular. And small businesses are a great target.
Many of us don’t take the necessary steps to fully protect our networks. As a result, we’re much more vulnerable than our larger counterparts. Getting hit with a ransomware attack can devastate your small business. It can even shut you down permanently. So how do you prevent ransomware attacks? Experts will offer many tips.
But to me there are three key actions to take that will significantly minimize your risk of ransomware attacks on small businesses.
Action 1: Get Your People Trained
Numerous studies point to human error as the main reason behind malware attacks. Why? Well, let’s admit it – we all make mistakes. I know I do — I do too many things at one time — I don’t pay attention — I click on things too quickly — I download files without thinking — I navigate to websites without fear. And I should be aware. And so should you. Ransomware gets into a system when someone – anyone in a company – does these things. It only has to happen one time from one person for it to have an enormous effect on an enterprise.
Which is why across-the-board training for all employees is so important in preventing ransomware attacks. This training can be in the form of one-on-one or group sessions with an IT firm. Your company needs to make sure that your employees (and you, of course) are familiar with the latest scam emails and know what to look for in order to identify a potential nefarious file or link.
Action 2: Enforce Automatic Updates
Do you always upgrade your operating system when Microsoft or Apple or Google tells you? Many people I know – myself included – defer the update or ignore the requests to comply. I understand why. Operating system updates have had a history of sometimes doing more damage than good. For many users if it’s working, don’t break it. But times have changed, and operating system updates are much more reliable. Plus, it’s critical to do these updates as soon as they’re available.
Why? Because updates to Windows, iOS and Android have some new features and they’re mostly about security nowadays. The new operating systems come with the latest plugs and patches for the malware out there. Yes, they’re only so current so nothing’s guaranteed. But believe when I say that the people making malware would rather attack a device running an older operating system than spend the extra time trying to hack into a device that is running the latest and greatest version of its operating system.
So, upgrade your OS. Get your employees to upgrade their OS. Monitor them. You can even pay for a security firm to enforce these rules. Doing so will significantly decrease your vulnerability and help prevent ransomware attacks.
Action 3: Outsource your IT to a Vertical Cloud Services Provider
Do you know what “smh” means? It means “shake my head.” And when I encounter clients that are still housing their files, applications and data on their own servers I always shake my head. Why are these people still doing this?
Moving to a cloud services provider, especially one that services your industry or needs, is a powerful way to prevent ransomware attacks on small businesses. The reason is simple: resources. A good provider will always have better trained technical staff, software, tools and technologies to confront these problems than your typical IT firm. They will always be up to date on the latest ransomware threats and take necessary steps to protect their clients than that same firm. In fact, the typical IT firm is probably outsourcing its clients’ data to service provider anyway.
Why is this so much safer? Because if you’re a cloud service provider your business depends on it. You can’t be in business very long if your clients are continually attacked by hackers. You’re going to spend a big part of your annual budget on making sure these things never happen. If you’re a small business, moving all of your information to a cloud services provider is a commonsense approach to minimizing the risk of a ransomware attack.
All of these actions won’t prevent ransomware attacks 100% of the time. That’s because the hackers always try to be one step ahead of those that are fighting them. But the distance between the two isn’t that long. And the actions I’m recommending will significantly lower the risk of ransomware attacks on small businesses. The harder you make it for hackers to infiltrate your system, the less inclined they are to do it. Make it as costly for them as possible. Unfortunately, it will also incur some costs for you too but worth the investment.