SMALL IN NAME ONLY: TECH TRENDS FOR SMALL BUSINESSES | A ZDNet Multiplexer Blog

Myth: We're not important enough to get hacked or ransomed

Cyberthreats don't discriminate, and a false sense of security can hurt your business. Learn how to secure your IT assets and avoid -- or at least mitigate -- the harm of an attack.

So, you think your company is too small or not important enough to warrant the attention of hackers and cybercriminals? Sad to say, we've heard it all before. No business (not even tiny, two-person companies) is small enough to fly under the radar of attackers.

Here's the thing: As soon as you pop up on the internet, you're a target. It could be that hackers are just testing the security of every machine on a bank of IP addresses (the numerical code that identifies your computer or mobile device while it's online). It could be your name, password, and other identifying information got sucked up during a hack on some business you buy products and services from. It could be you or someone in your company accidentally opened a spam email and clicked a poisoned link.

You don't need to be big, important, or well-known. You just have to be online.

Even if you're not a major player, you might be targeted because of business partners, too. The classic example of this, way back in 2014, is the small HVAC vendor that was targeted because their customer was Target. 

A phishing email was sent to Fazio Mechanical. An employee opened the email, which unleashed malware. That gave hackers access to vendor portal credentials at Target, which then became their ultimate target. The retailer lost data on millions of customers and experienced hundreds of millions in cost -- in part because their tiny vendor wasn't secure.

Fast-forward to the present day, and nothing has gotten better. According to the FBI's 2020 Internet Crime Report, complaints to the FBI increased by 69 percent over 2019. 

Held for ransom

It's ransomware, though, that continues to be the big win for cyberthieves. It's directly profitable for bad guys. They make a whole bunch of penetration attempts, which cost nothing and usually risk nothing, because they're done over the internet. 

It doesn't matter how many penetration attempts it takes to find an available victim, because once the crooks find a way in, they launch their ransomware code, and more than half of their victims pay the ransom, according to antivirus company Kaspersky.

Ransom attacks aren't limited to big companies, either. Datto is a company that provides security guidance to outside firms that manage IT operations for small and medium (SMB) companies. According to Datto's Annual Global State of the Channel Ransomware Report for 2020, 68 percent of SMB companies have experienced ransomware attacks.

The consequences are painful, too, according to a survey from Cybereason. In addition to revenue loss, reputation damage, and talent resignations, more than a quarter of the businesses polled had to shut down for some period of time after a ransomware attack.

In fact, there's a whole array of malware hitting these smaller companies. The Datto survey shows that 56 percent experienced viruses, 44 percent malware, 19 percent remote access trojans, 16 percent cryptojacking (using PCs to mine cryptocurrency), and on and on.

What scared the IT pros consulting for these small companies is that, while 84 percent of the IT experts were worried about ransomware, only 30 percent of their clients were. That gap means that many companies just aren't taking the right precautions, making many of these smaller businesses targets of opportunity for criminals.

Crime pays

These attacks are expensive for their victims. While the ransoms are generally relatively small -- about $5,600 according to Datto -- Kaspersky says that only half of the companies that pay ransoms get their data back. Possibly worse are the distraction and downtime from such attacks. Datto's respondents said 39 percent of their clients "experienced business-threatening downtime."

The key takeaway is that nobody is safe from malware and ransomware attacks. While there are dedicated spear-phishing assaults aimed at certain large targets, smaller companies are much more likely to be hit by random chance. Ask yourself this: Have you ever gotten a junk phone call or a piece of spam email? If so, you're as likely to be a target of malware or ransomware.

Don't be a victim

There are two approaches you can take. First, try to prevent malware infections. And second, make sure that if you are attacked, your data is protected.

The single most common way malware is activated is when someone clicks on a dangerous link. That link might be presented in an email that looks legitimate. It might be in a text message. I got one just today on Twitter from a "reader" who wanted help with a webpage (and sent me a very suspicious link).

Make sure your friends, family, and staff are trained on how to spot these dangerous links, and are also trained to -- in general -- not click on unsolicited links.

Run antivirus software and keep definitions up to date. This is particularly an issue for Windows users and Android users, whose operating systems aren't as locked down as iOS and are much bigger targets of opportunity than macOS or Linux.

Keep all your software up-to-date. While malware is written for "zero-day" flaws, that's hard to do and requires a lot of work on the part of scamsters. It's far easier to target old and known flaws, hoping that potential victims simply haven't updated with fixes that block those exploits. Don't be a victim. Update.

Then there's backing up your data. In a previous article, I talked about the 3-2-1 backup strategy. This recommends you have three copies of your data, two of which are on different devices, and one of which is offsite. But with the rise of malware, I advise a variant on that which I call the 3-2-1 off-and-away strategy.

I recommend you have one backup located in a machine that is powered off, resulting in a non-penetrable "air-gap" from the internet. If ransomware floods through your network, locking up all your data, you'll have one machine that can't be reached and where your data is preserved. (My colleague Wayne Rash discusses tiered backup in more depth here.)

Of course, if you're hit by ransomware, don't immediately turn on that "off" machine. Eliminate the infections from all your clients first. Then remove the network cable from the "off" machine and turn off your Wi-Fi router. That way, the infection can't jump to the insulated machine. Use a fresh drive in an external drive and recover data to that external drive. Then, turn that backup repository back off, and only then restore the data to the rest of your network.

This article won't get you all the way to preventing and recovering from ransomware. But what we want you to take away is that this threat is very real. You need to use caution and make preparations.

Wrapping up

In a previous article, I talk about some really good Dell PowerEdge server options to use as home or backup servers.

It's important to point out one other benefit of buying your gear directly from Dell. Dell has a deep bench of very well-trained support folks who can help you at all levels. Dell Technologies Advisors can help you to tackle your toughest security challenges so you can focus on growing your business. Call 1-855-404-4427.