Ransomware attacks—a cyber crime where a hacker will block access to files or software you need until you pay them to unlock it—have become more common in the past few years. In 2021, financial institutions in the U.S. lost nearly $1.2 billion from ransomware attacks. That’s more than a 200% increase from the year before. And in 2023, the global annual cost of cyber crime is predicted to top $8 trillion USD.
If you run a small business, chances are you’re at risk. A ransomware attack isn’t just extremely stressful and disruptive to you as a business owner, but it can be very expensive as well. But don’t worry, we’re here to help with advice on how to prevent an attack, and what to do if you’re hit by one.
Why are Canadian SMBs experiencing more cyber attacks in recent years?
The rise in ransomware and other cyber attacks is due to a variety of reasons. However, there are 2 major changes that are the cause of many of today’s cybersecurity issues:
- More people are working remotely, making businesses more vulnerable to cyber crime than ever before. As of May 2021, over 20% of Canadian employees work remotely. Cyber attackers can steal sensitive data by reaching business assets from any device connected to a home network.
- Heightened geopolitical tensions, such as the war in Ukraine, rising inflation and issues caused by the pandemic, have created more opportunities for cyber criminals. That’s because the most vulnerable organizations are ones that are in decline. With the possibility of a global recession, ransomware attacks are expected to continue rising.1
Why are SMBs being targeted over larger companies? That’s because smaller targets tend to have weaker security than big corporations, and attacks on SMBs tend to get less media coverage. That makes businesses with less than 1,000 employees prime targets for ransomware attacks.2
Protect your small business with our cybersecurity tips
The best way to deal with a ransomware attack is to do everything you can to avoid it in the first place. Here are a few ransomware protection best practices to help you do that.
Knowledge is power
Make sure your whole team is cybersecurity smart. Cyber attacks try to exploit people to get past your antivirus software and firewalls, because it’s easier to trick them into downloading ransomware under the guise of legitimate business inquiries. Everyone that works for you should be well-versed on avoiding phishing schemes, spotting suspicious files and knowing how to identify a threat. Hold regular cybersecurity training sessions to get everyone up to date.
Keep software updated
While antivirus software is the most effective form of protection, it’s only as good as its most recent update. Because malware is constantly evolving, make sure you update your antivirus software regularly to stay protected from the latest threats.
Backup and test everything
It can feel redundant, but if you’re ever hit by a ransomware attack you’ll be thankful you backed up your files. Always make sure you have a backup of all your data, stored separately from where the originals are held—ideally, a cloud-based solution that has built-in security. Since ransomware attacks don’t give the attacker access to the content of your files and documents, the real problem with this kind of attack is being locked out of your own files. If you can access a backup file, then the need to retrieve the original is a lot less pressing. To save time and make this process even easier, there are software solutions available that will perform automated backups.
What to do if you’re hit by a ransomware attack
Firstly, don’t pay the ransom. There’s no guarantee they’ll actually restore access to your files after you pay. One survey of Canadian businesses found that only 42% of organizations who paid the ransom had their data completely restored.3 You also make yourself a more likely repeat target if attackers learn that you’ll pay. Instead, we recommend contacting your IT department or support centre immediately. They can help contain and back up any important files. You should also report the incident to your local law enforcement, the Canadian Centre for Cyber Security and the Canadian Anti-Fraud Centre.
Here’s the good news
You’re armed with knowledge now, which already lowers your risk of being counted among the growing number of small businesses that are hurt by ransomware attacks each year. But here’s the catch: these cybersecurity tips are only as good as the actions you implement because of them. Fortunately, with so many tools at your disposal, you can implement a layered security system to prevent attacks and help you recover from them just in case. Looking for more ransomware protection best practices? Check out our top 5 cybersecurity tips for small businesses.