These businesses may be small, but they’re a big draw for hackers.
Thanks to WannaCry, ransomware has taken the world by storm, without any discretion on whose computers it holds hostage. It’ll lock down hospitals, mailrooms, banks, schools — if it has a vulnerable computer with outdated software, it’ll fall under a hacker’s crosshairs.
It’s that outdated software part that makes small businesses the most prevalent victims. Your local pizzeria or hair salon doesn’t have its own IT department and probably isn’t aware of the latest patches for Windows — or even the latest version of Windows.
“If you’re a one-man shop, it’s often a nephew or a family member who does that,” said Robert Gibbons, the chief technology officer at Datto, a cybersecurity company. “Small businesses suffer because they don’t have the skill nor the infrastructure to manage this.”
Ransomware spiked from 2015 to 2016, and has become the fifth most common type of malware. The virus takes over computers and encrypts all their files unless victims pay up hefty sums. In 2016, one notorious ransomware demanded $28,730 from each victim. WannaCry has demanded $300 per computer, with the deadline looming on Friday.
If you’re a small business, you’re stuck between a rock and a hard place once ransomware strikes. If you don’t pay, all your records and transactions are lost, giving up crucial information your business needs to function. If you do pay, you’re feeding a growing beast and encouraging more ransomware attacks in the future. That is, if you can even afford to pay.
“For a small business, these costs of remediation are simply too high, and the possibility of continuing operations disappears,” said Brian Berger, the executive vice president of commercial cyber security at Cytellix.
The threat is real: Six out of 10 small businesses hit by cyberattacks will go out of business within six months, according to the US Securities and Exchange Commission.
Ransomware hits every small business differently. With the hair salon in Scotland, the stylists were locked out of their appointment data and had to confirm with all their customers on Facebook to see who was scheduled when.
Others might not be able to manage payments for hours. Gibbons said his company deals with 100 to 200 cyberattacks on small businesses a day — about 30 of which escalate to a more serious situation.
“There’s thousands and thousands of small businesses that are eating downtime or are paying ransoms,” Gibbons said. “It’s an underreported, giant tax on small businesses.”
What happens when you lose it all
The Clay County sheriff’s department in North Carolina is familiar with losing all its files.
When its server crashed in 2014, the county’s police officers lost all their records and spent four months putting it back together, but they’re still feeling the aftermath.
“When they had their server crash, there were criminals who walked because the documentation was no longer there, or it was inaccurate, because it was entered by hand,” Des Keller, an IT consultant with the department, said. “That puts criminals on the streets.”
The incident was a wake-up call. Keller saw that a similar situation could happen with ransomware, even if the sheriffs didn’t.
“We actually did hear that remark from our sheriffs. ‘Who would be interested in our little county?'” Keller said. “We pushed the protection because we’ve seen what it can do in other places.”
Not every small business can afford even a few hundred dollars a year on protection.
Cyberdefense on the cheap
Just because a small business has slim resources doesn’t automatically mean they’re screwed whenever a virus comes around.
Remember, the WannaCry ransomware spread through very preventable exploits. Setting a computer to automatically update for the latest security patches is free.
The best protection against ransomware is to always have constant back-ups, which would prevent owners from having to pay the ransomware and losing their valued files.
“There are plenty of cloud solutions that are very low cost, and very easy to use,” said Aviv Grafi, Votiro’s chief technology officer. “For very small businesses, you can use DropBox. I would recommend a solution like that for my mom.”
For a small business, they can’t afford not to consider these options.
Tech Enabled: CNET chronicles tech’s role in providing new kinds of accessibility.
Logging Out: Welcome to the crossroads of online life and the afterlife.
Do you have an unusual story to tell? E-mail email@example.com