How to Help Protect Your Business from Cyberattacks
Think your small business is safe from cybercriminals? Think again. Through phishing emails and ransomware, cybercriminals can infiltrate small businesses, often as a way to gain access to their larger partner businesses. During the pandemic, when many employees worked from home, thieves took the opportunity to prey on small businesses through unsecured home networks.
It’s important for businesses to take the time to create or revisit their IT policies and procedures, as remote work continues and cybercriminals find new ways to penetrate systems.
Here are some tips for keeping your company safe from cyberattacks.
Beware of phishing and ransomware emails
Many employees can now easily spot a phishing email – an email from a purported trusted source that asks for personal or confidential information. Often these emails contain misspellings or come from email addresses that are just slightly off from the company that they are impersonating. But some employees can be fooled by particularly official-looking phishing emails.
Sometimes, these emails contain attachments or links that download malicious ransomware to the employee’s computer. The employee then receives an alert that their system has been locked or encrypted and access will not be restored until a ransom is paid, often in virtual currency.
Small businesses should train employees to spot and report these emails.
Employ best practices for authentication
Businesses should train employees on creating the best passwords – often, it’s as easy as combining three or more unrelated words with special characters. Leadership should also require employees working from home to use a VPN, which creates a secure network across the internet. Another suggestion: consider implementing a multi-factor authentication system, where employees must enter a passcode that is sent to their phone or email when they log in.
Scrutinize vendors and their cybersecurity practices
Insecure vendors and partners can leave small businesses vulnerable to attacks. Owners and CEOs should do their homework on third parties to ensure their data security practices are comprehensive, and should consider including language in agreements requiring them to maintain cyber insurance. In addition, businesses that use third-party payment processors must ensure that those processors adhere to the Payment Card Industry Data Security Standard, or PCI.
Back up critical data
Backing up the most critical organizational data regularly, both on- and off-site, can help businesses be prepared to continue to operate during a cyberattack. This is probably the single most important thing you can do to minimize the damage of a ransomware attack.
If a ransomware attack happens, take the right next steps
First, the IT team needs to identify the source. Then they must work to properly contain the ransomware to ensure it does not spread before remediating any additional vulnerabilities in the system. The business should then contact the FBI’s Internet Crime Complaint Center (IC3), which can help guide the business on how to proceed.
Companies must then decide whether to pay the ransom – a situation that in the majority of cases should be avoided if possible, but may be necessary, depending on whether the information needs to be recovered quickly. That said, even businesses that pay the ransom aren’t guaranteed a full return of data. Some 92 percent of those who pay ransom never receive all of their data back, according to the 2021 Sophos State of Ransomware report.
About Weiss & Company
Innovative and flexible like the best boutique firms, with the broad selection of services of larger firms, Weiss & Company delivers solutions precisely tailored to your needs.