The list of major corporations victimized by ransomware added at least two new members this fall.
Ferrara Candy, the Chicago-based maker of Brach's Candy Corn, and Sinclair Broadcast Group, which owns TV stations in Idaho, Montana, Oregon, and Washington, both had their operations upended after being targeted by cybercriminals earlier in October.
Both companies worked with law enforcement to remediate issues resulting from the attacks on their systems, but the overall impact to their businesses is likely to be long-lasting. Ferrara and Sinclair are now taking steps many other businesses have taken before them as the number of ransomware attacks continues to trend up.
According to BBB Accredited Business Discovery Information Technologies, a new ransomware attack occurred every 11 seconds in 2020. Big corporations weren't the only victims either, as 46% of small businesses experienced a ransomware incident or security theft. In fact, small companies are proving to be easier targets as they lack the funds for cybersecurity. As these attacks keep increasing, small business owners need to focus on cybersecurity.
How does ransomware work?
Ransomware is malicious software or malware that prevents access to your computer's data. There several methods for malware to make its way into a business’s computer system. A few of the most common tactics include:
- Phishing emails target a company by attaching malware to an incoming message. If the receiver opens or clicks the included link, malware enters the system. Cybercriminals then have access to the system’s information and can hold it hostage.
- The Remote Desktop Protocol (RDP) links computers over a network connection. Using trial-and-error to obtain user credentials, or simply purchasing those on the darknet, hackers gain unauthorized RDP access to exploit systems and download ransomware.
- Software vulnerabilities allow cybercriminals to take advantage of security weaknesses in software programs and gain access to the company's system.
Could ransomware attack my small business?
Absolutely. According to the Cyber Readiness Institute, more than half of all organizations have experienced an online security breach, and two-thirds of small and medium enterprises (SME) who encounter a cyberattack fail to recover. Cybersecurity needs to be a priority for every company, regardless of size. Starting with a cybersecurity plan is the first step.
Here’s how to get started:
- Assign a cyber readiness leader.
- Train employees on basic security practices and how to spot phishing emails.
- Require unique passwords or, even better, a passphrase, and require resetting the password frequently.
- Use multifactor authentication, including security questions, a code sent to another device, a separate app, biometrics, or GPS location.
- Make sure your software is updated, your firewall is enabled, and set antivirus software scans automatically.
- Back up data to a separate location frequently.
- Establish appropriate internet use guidelines for your staff.
- Create user accounts for each employee and give administrative privileges only to trusted vital personnel.
- Have a remote workplace policy.
With cybercrime expected to exceed $5 trillion this year, securing your company's data should be a high priority. For most small businesses, having a dedicated IT employee isn't feasible; outsourcing your IT to a reputable, trustworthy company is a solution. Start your search at bbb.org.