Access denied: how to prevent a ransomware attack

Data is a small business’s lifeline. Not only is it essential for innovation, competitiveness and improving the customer experience, it is integral in the day-to-day functioning of any organisation. When this data is compromised, the consequences for a small business can be catastrophic. These consequences are amplified when ransomware attack enters the game.

In the past, cyber attacks on small businesses mostly took the form of software viruses that set out to steal your credit card details. Now, ransomware is the most common form of malware used in the Asia Pacific, and Australia remains the main target. Like traditional viruses, ransomware is a financially motivated cybercrime. During an attack, network “endpoints” like your computer or mobile are locked while your files are encrypted and held hostage until a fee is paid.

There’s a dangerous perception that ransomware only affects large organisations. In fact, the number of ransomware attacks on Australian small businesses is rising fast. In February 2017 alone, the Australian Competition and Consumer Commission (ACCC) received over 734 reports of ransomware and malware attacks.

Small businesses are less likely than large organisations to have extensive security controls and to back up their data regularly. This is what makes them vulnerable. 60 per cent of SMEs targeted are likely go out of business within six months of an attack. With that amount of money on the line, the onus is now on both businesses and employees to make cyber security a priority. There is no silver bullet to preventing a ransomware attack. Small businesses must take a multi-layered approach to protect themselves effectively. This involves:

Securing the endpoint

The “endpoints,” the devices used to access the central business server or network, are the easiest and fastest way to infiltrate and paralyse a small business. Security measures need to protect endpoint devices and their data, and its clear legacy solutions just aren’t cutting it any more. While firewall solutions may prevent malware from entering your network, they cannot prevent attackers from slipping through via ports left open for legitimate applications.

Educating employees

Individual employees are another point of weakness. Employees need to be educated about their role in privacy and security. They should be encouraged to think before they act and trained to be wary of communications imploring them to act immediately, offer something that sounds too good to be true or request personal information.

Backing up data

In the end, a small business has limited resources, it can’t guard against every possible thing that could go wrong. Thankfully, a good back-up solution could mean the difference between paying a ransom or losing your data.

It is critical that small business owners backup data on a regular basis. This reduces downtime until a ransom is paid, and could even prevent one being paid at all. USBs and external hard drives are cost-effective options, providing these devices are physically disconnected as soon as the backup occurs. If not, they too can become infected.

Ransomware damages reputations, drains productivity and costs small businesses in Australia millions of dollars every year. Prevention is the best cure and often education is the first line of defense to keeping your company and customer data safe. By securing your end-point, empowering employees and regularly backing up data, the impacts of ransomware can be greatly minimised and event prevented.

Greg Darthoit, Endpoint Security and Management Lead, Dell EMC ANZ