Ransomware is the disaster most small business owners worry about, and for good reason. It locks up your files, halts your operations, and demands payment to (maybe) give your data back. But ransomware is not magic. It almost always enters through a small number of well-understood doors. Close those doors and you avoid the most expensive day your business could have.

How ransomware gets in

CISA's guidance, built with the FBI and NSA, organizes ransomware around the ways attackers first get access. For a small business, the common ones are:

  • Phishing emails. Someone opens a malicious attachment or link, and the attack begins. This is the most common entry point by far.
  • Stolen or weak remote-access credentials. Remote desktop and VPN logins that lack multi-factor authentication are a favorite target.
  • Unpatched software. Attackers scan the internet for known vulnerabilities in systems that have not been updated.
  • Compromised passwords. Reused or leaked passwords let attackers simply log in.

Notice the theme: ransomware usually relies on a person or an unlocked door, not a technical masterpiece.

How to keep it out

The defenses are practical and within reach of any small business.

Lock the doors attackers use.

  • Turn on multi-factor authentication everywhere, especially for email and remote access.
  • Keep software and systems patched and up to date.
  • Train your team to recognize phishing.
  • Limit access so each person can only reach what their job requires.

Prepare so an attack is survivable.

  • Keep tested backups offline or otherwise out of reach of your main network, so they cannot be encrypted along with everything else.
  • Use modern endpoint protection that watches for ransomware behavior, not just known viruses.
  • Have a written incident response plan so the team knows who to call and what to do.

Why backups are the real safety net

Every other control reduces the chance of an attack. Backups decide what happens if one succeeds. A business with current, tested, isolated backups can refuse the ransom and restore its own data. A business without them is left negotiating with criminals.

The key word is tested. A backup you have never restored from is only a hope. (We cover this in our article on testing backups.)

If it happens

Disconnect affected devices from the network immediately, do not rush to pay, and contact a professional. CISA recommends reporting ransomware incidents; paying a ransom is no guarantee of recovery and may invite repeat attacks.

Ransomware is preventable far more often than businesses realize. If you would like an honest assessment of where your business is exposed, and a plan to close those gaps, the Flexnet Networks team can help.

Sources