I recently had an unnerving encounter with a hacker. As I scrolled through my morning email per my usual workday routine, I found myself staring at a threat letter demanding $987 (don’t even ask). If they didn’t receive their payday in eight days, they would reveal unsavory videos of me along with personal information to all my social media contacts. Of course, I immediately turned the email over to our IT Swat Team. Their swift response was, “The sender's IP address is originating from Moldova. They were able to bypass our anti-spam trap because they spoofed one of our domains (your email address), and we have our domains whitelisted.”
Lucky for me I had a cybersecurity resource to come to my rescue. But for most small-business owners, which encompasses the vast majority of our locksmith community, there’s no cyber-safety net when hackers come knocking. That’s a frightening prospect when you consider that Department of Homeland Security Secretary Alejandro Mayorkas revealed in a May statement that 50–70% of ransomware attacks target small and medium-size businesses, costing victims an estimated total of $350 million in 2020.
Even more distressing is that an estimated 60 percent of small businesses will fail within six months because of a ransomware attack, according to the National Cyber Security Alliance. However, even if a small business survives, more than 80 percent will become victims a second time.
My ransomware threat was little more than a personal nuisance, which was remedied quickly, but a ransomware attack on your locksmith operation could hold your business hostage. Implanted malware would encrypt your customer information, your financial records and inventory data. And you might be more vulnerable if employees work from home.
No matter how small your business, you’re a potential ransomware victim. In a recent Inc. magazine feature, cybersecurity experts shared best practices for small-business owners that might enhance their security posture.
Charles Horton, chief operating officer of cybersecurity firm NetSPI, implores small businesses to have solid data-backup strategies in place to help to minimize the effect of a breach. But he warns that recovery isn’t guaranteed or automatic and that it would be wise to figure on contingencies if business operations are interrupted. He recommends a cloud-based backup for off-site data storage.
In the event of a ransomware attack, even the smallest business should have an action plan as it pertains to informing employees and possible vendor partners, knowing where your company’s backup data is located and knowing your course of action if that backup is compromised.
The bottom line: If your business falls victim to a ransomware attack, even if you pay, there’s a 92 percent likelihood that all the hijacked data won’t be returned, says cybersecurity firm Sophos. With that in mind, it’s important that you as a small-business owner realize that, even at your level, a ransomware attack could cost you money or your livelihood if the threat isn’t taken seriously.
