According to Trend Micro, a premier online security expert, incidents of ransomware are exploding in 2016. They’ve declared 2016 “the year of online extortion.” Sounds scary and expensive, especially if you are a small business owner. How do you keep your company’s valuable files and customer data safe and out of the hands of malware attackers?
What is Ransomware?
Ransomware is a malicious online virus. Once it gains access to your computer, it quickly spreads throughout all files on your server and hard drive and encrypts them, rendering them unusable. Most of the time, the user is completely unable to access their files. After the virus has done it’s dirty work, a pop up or other type of warning will appear on the computer screen demanding payment to unlock your files. The message is usually threatening in nature, and sometimes claims that the user has broken a U.S. law and therefore must pay a fine. This is, of course, false; it is a criminal scam.
Why does it work?
Why don’t users just automatically report these ransomware attacks to the police or other authorities? Most of the time, the reason users go ahead and pay the hacker is fear. Businesses fear the loss of their customer data and other valuable files. They also fear bad publicity if they report the crime and the public discovers they were hacked. Small businesses usually cannot afford to be locked out of their files for many days or weeks, and thieves exploit that fact. For these reasons, hackers actually target businesses over individuals for ransomware attacks.
How does Ransomware get access to files?
The most common way (76% of attacks) ransomware enters a computer system is through a Trojan horse email attachment. Other methods of access include maladvertisements, usually in the form of pop up ads, and infected websites and software downloads.
How can Ransomware be avoided?
Do small businesses have to hire a sophisticated online security expert to avoid ransomware? Usually not, most attacks can be avoided by strictly adhering to these common sense rules:
- Back up your data and all your files, and do it regularly. Store a copy of everything offsite or on an external device.
- Get reliable, reputable antivirus software. Have updates installed automatically so your software is always up to date. Some small businesses may see this as an unnecessary expense, but it is well worth it. One ransomware attack could cost thousands, with no actual guarantee that your files will be restored intact.
- Use long, complicated passwords and change them at least once per month. We recommend the LastPass app to keep track of your passwords securely.
- Do NOT download software from anyone except the most reliable sources.
- Do NOT open email attachments from unknown or lesser known sources, especially if the email was unsolicited. We recommend never clicking links within an email; use your browser to go directly to a website instead.
- Restrict web access to employees who do not need unrestricted access to do their jobs. This can be accomplished through browser settings or business filters that also monitor employees’ browsing history.
- Consider Ad Blocking software or a Chrome extension. According to Advertising Age, ad blocking users will grow by 34% this year, mostly due to the drastic increase in malware attacks.
The best advice we can give small business owners is to train each and every employee and computer user about best practices online. Even if you think these rules are common sense, it is worth company time to ensure that all employees understand the rules.
Would you pay a ransomware attacker if you were hacked? Have you experienced a ransomware attack? Share your wisdom in the comments section. We’d love to continue the conversation with you.