It is no secret that in today’s world we face challenges that are vastly different from anything we have ever met before. In 2020, ransomware completely evolved, taking down SMBs at a very rapid pace, with more sophisticated, disruptive and financially impactful attacks.
For many, the idea of “their” company being attacked seems unreal. Why would they come after me? We are too small. Unfortunately, this perception is why many companies were attacked to begin with. One in five small businesses have been victims of cybercrime in the last year. However, many of those crimes were not even reported! This can happen to anyone. Many of these attacks aren’t targeted; the hackers are just waiting to see who bites, and once you do, they’ve got you. You are not innately safe from the hackers!
Ransomware attacks can do a great deal of irreparable damage to your company’s reputation in the long run, but first there are some short-term effects that these attacks present. You haven’t protected your clients, vendors, employees and other contacts from the bad guys. As a business owner that is your responsibility, knowing what you know!
Once the initial shock of the violation wears off, you will begin dealing with the reality of the situation. You may not have access to your business records, causing extended periods of downtime, on average 16.2 days, and losing money by the day. This can create hours of extra work for your staff, loss of sales and loss of clients. Then you will need to begin working on analyzing what happened and how to recover your data. There will be forensics costs, legal fees, maybe you will pay the ransom and you might get your data back. However, you will still have to pay for credit-monitoring services for all affected consumers. On average, breaches cost about $225 per record.
Did you know that 47 states have their own data breach laws? Oh wait, are you in finance or healthcare? If this were to happen to your company, you would need to abide by HIPAA, SEC, or FINRA regulations and notify the state regulating bodies. In healthcare, if the breach affects over 500 people, you need to go as far as notifying a prominent media outlet.
As we’ve discovered, protecting your people, your company, your sanity can be easier said than done.
Here are some recommendations:
- Make sure you have a current anti-virus and firewall solution
- Use patch management: breaches are attributed to poor patch management
- If you are working remotely, use a VPN
- Implement multi-factor authentication
- Have a strict password policy in place
- Implement a phishing awareness and training program for your employees: Your employees are the weakest link in your environment; make sure you have them trained. There are tools available that can hold your employees accountable for taking training courses and make them interesting and fun
Whether you want to believe it or not, you are vulnerable and at risk if you are not taking precautions. If you have any concerns about protecting your data, contact me right away and we can discuss options for how to secure your network.