Tech Audits and Other Security Essentials to Protect SMBs from Ransomware

Mar 22, 2024

If a company as large as Change Healthcare failed to thwart a ransomware attack, what can small businesses do to ensure they do not become the next victim?

If you own a small business, you might think that the vast majority of business technology doesn’t apply to you. However, with over 97% of people now using online sources to find service providers in their area, it is now essential that you maintain an online presence.

If you are using digital systems to store your business data without proper security measures in place, you could find yourself the victim of a nasty cyberattack like ransomware, which experts believe will only get worse as bad actors develop more sophisticated methods.

So how can small businesses with equally small margins protect their data from cybercriminals without breaking the proverbial bank?

Understand the Threat

An oft-repeated reply when someone asks which antimalware offers the best protection is “common sense”. This advice is similar to what the US Chamber of Commerce believes is the first thing small business owners must do to protect their data.

On its website, it explained that phishing is often the cause of a ransomware attack, and for a business to spot a phishing attempt, its employees must be trained to identify the many forms it could take, such as a suspicious link or email.

Are you and your employees savvy enough to recognize these threats? One fairly recent survey found that one in five Americans is not so confident, and a third admitted they had accidentally clicked a phishing link.

As a business owner, you can’t be too careful.

Take Advantage of Tech Audits

Aptica, a managed IT provider that works with small businesses, advises business owners to take advantage of technology audits that are often provided at no cost by third-party IT companies.

These audits offer small businesses a way to identify vulnerabilities in their security postures and areas of improvement. “And because tech audits are performed by IT professionals who face all sorts of cyberthreats on the daily, business owners can expect to receive the most up-to-date information,” the group said.

Aptica wanted to improve access to this service, which is why it spearheaded the Midwest Small Business Digital Success Initiative, an ongoing program where it provides free audits to businesses in its native Angola, Indiana, and nearby cities like Warsaw, Monroeville, Wabash, and Decatur.

Backup, Backup, Backup

Another piece of advice repeated ad nauseam is “backup, backup, backup”. But how does this work exactly? Is buying a couple of terabytes' worth of external storage enough?

A tip given by ESET’s cybersecurity publication is to first identify the data that merits a backup, prioritizing the data that will impact your business the most if held hostage by bad actors. When it comes to the actual storage method, a system the author recommends is the "3-2-1" rule, which calls for the creation of three copies: one off-site and two stored in two different storage types.

In a 2023 article on the subject of backups and ransomware, BizTech argued that due to the growing sophistication of attacks, traditional methods of storage might not be enough. This is why it recommends immutable storage for those who want to be extra sure.

Immutable storage, as the name implies, protects data from modification or tampering for a certain time. Accessing this type of storage involves costs, as it is a cloud service offered by the likes of IBM and Microsoft through Azure.

Is this level of protection something that you should consider? A cybersecurity audit should be able to help you take the best course of action.

This content is provided in partnership with Aptica, LLC and is intended for informational purposes only. The views, opinions, and advice expressed in this article are solely those of Aptica, LLC and do not necessarily reflect the views or policies of any other individual, organization, or entity. 


Web Analytics