ransomware
Thought Leadership

Protecting your business from cybercrime: focus on ransomware

What is ransomware?

Malware is a form of malicious software that is designed to disrupt, damage, or gain unauthorised access to a computer system. Ransomware is a particular kind of malware that prevents you from accessing your device or the data you have stored on it. A ransomware attack is a stealth crime carried out by cybercriminals who encrypt your files and then try to extort payment from you – the ransom – to decrypt it, or in some cases, to prevent it being published online, often demanding cryptocurrency as payment.

SMEs at increasing risk of ransomware attacks

There have been some very high profile cases of ransomware attacks on large companies such as Royal Mail and the NHS, but smaller businesses need to be aware that they are increasingly at risk. While larger organisations may have bigger budgets and greater security when it comes to developing protection against ransomware, SMEs are now considered by criminals as ‘low hanging fruit’ and an easy win for them. Furthermore, the development of automated attack tools means even criminals without sophisticated tech skills can manage to pull off a successful ransomware attack.

As well as untold inconvenience, being a victim of ransomware can involve huge financial cost and damage to your reputation too. Some alarming statistics suggest that as many as 50-60% of businesses fold within six months of an attack. Simply paying up may be tempting, but as well as providing no guarantee of decryption, you are advertising to criminals that you are open to paying, which will mark you out as a promising target in the future too. This is why it is vital to take steps to protect yourself and reduce the risks of becoming a victim of ransomware as far as possible.

How does ransomware arrive?

Ransomware can arrive in a variety of guises, such as via a phishing scam, where you receive an email purporting to be from a reputable company that entices you to give up personal information, malicious attachments that you are encouraged to open, or links to compromised websites to name a few. 

Protect your business against ransomware

To protect your business, cyber security must be a priority. Regularly backing up your data removes the risk of total data loss and multi-factor authentication across devices is a powerful defence. Remember that your data and systems are vulnerable wherever your staff are working – in the office, at home or remotely. Education is vital for every member of your workforce and not just the responsibility of your IT team. Train your staff on how to spot a scam and they will be so much less likely to fall for one. Ensure your antivirus filters are robust and always kept up to date. Make sure your technical security is as strong as possible, including email and endpoint protections, such as firewalls.

Become Cyber Essentials certified

Every company should investigate becoming Cyber Essentials certified. Cyber Essentials is a simple but effective, government-backed and industry-supported certification scheme that sets out to protect organisations of every size, against a whole range of the most common cyber attacks, including ransomware. As well as providing a clear statement of the basic controls organisations should have in place to protect themselves against common cyber threats, it also helps reassure customers that a business’ IT is secure. In this way, you will reduce your vulnerability and increase your credibility at the same time.

There are two levels of certification and the cost varies according to the number of employees. Find out more about the scheme here.

Here at Highstream we have a managed security service to be vigilant over our clients’ infrastructure, minimising security risks and keeping your data and systems secure. We can also work with you to get ready for Cyber Essentials certification with a security audit.  We always rely on independent certification to show that you meet the Cyber Essentials standards. Discover more about these services here.

Contact us to find out more about how our team can assist you with your IT security.