Small businesses often don’t get their files after paying ransom

In the past 12 months, 20% of small and medium businesses (SMBs) in the US reported a ransomware attack according to a survey commissioned by Bitdefender, a security technology company. The survey participants were 250 IT professionals at SMBs. Sadly, of that 20% of SMBs, close to 40% said they paid the ransom but were not able to recover their data.

The ransom amount was an average of $2,423. There are reports of ransoms being significantly raised, if the data is highly valuable, such as medical records. Ransoms of $10,000+ have been demanded in some instances.

The volume of attacks continues to increase. Ransomware attacks on businesses grow 50% in 2016. The 2017 Verizon annual cybersecurity report stated 61% of targeted companies have fewer than 1,000 employees.

The main cause of infection continues to be phishing emails. Another significant cause is USB drives used. Ransomware can be easily transported from a home computer to a business network using a USB drive.

What Your Business Should Do

Back up, back up, and back up. Do it frequently, as least daily for data that changes quickly and even several times during a day if your critical data changes that frequently. Be redundant in your back-ups. Having several copies, stored in different locales such as on site, off site and in a cloud can provide peace of mind when a file doesn’t restore correctly.

If you have employees that work remote or at home periodically, install secure communications protocols such as a VPN or a business file share system.

Prohibit employees connecting personal devices to their work computer.

Continually remind employees to not open suspicious emails or attachments.

About the Author - Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.