July 15. By Chris Ahearn. The cyberattack on Colonial Pipeline disrupted everyday life for millions of Americans, but small- and mid-size businesses are just as vulnerable.

When Marilyn Celenza Cunningham walked into her office in 2017, she never dreamed she wouldn’t be able to access her files. Within moments, she learned her Huntersville-based Good Clean Fun was being held for ransom by cybercriminals and she would have to pay more than $4,000 in bitcoin to regain access to the business’s systems.

“It was emotionally gut wrenching. You don’t know who has your information,” recalls Cunningham. “We had corporate customers and were worried about their data being out there as well as ours.”

Many attacks go unreported

Cyberattacks are all too common today and the risk is increasing. While big company ransomware attacks make the news, small- and medium-sized businesses are actually bigger targets and issues often go unreported.

According to a 2019 Verizon Data Breach Investigations Report, small businesses represent 43 percent of all data breaches — often because they fail to put proper defenses in place.

Security is complex

“It’s like a car accident—most people think it will never happen to them,” says Taylor Busby, vice president of sales and marketing for managed IT services provider SeedSpark.

“Gone are the days when simple security software could stop a hacker. The good news is the cost of adding the right technology is almost always less expensive than the cost of a data breach,” Busby said.

Six steps

Busby recommends six steps small businesses can take to protect themselves from ransomware attacks:

—Actively manage and maintain your data backups. If your system is compromised, frequent backups minimize data loss and help get your system up and running as soon as possible.

—If you have security software, make sure it’s updated frequently and tested regularly. Don’t ignore software update reminders. Security measures must be up to date.

—Create a business continuity plan. Think in terms of a phased response to help your company detect, respond, and recover from an attack. For example, if your point-of-sale systems are frozen, are employees empowered to transact with cash and keep paper records?

—With 93 percent of people using smartphones for work each day, mobile device management allows an IT team to update and protect your handheld device.

—More than half of cyberattacks begin with a simple phishing email. Learn how to identify phony emails and teach employees how to recognize one and report it right away.

—Create strong passwords with unique and random characters, numbers and special symbols. Above all, use multifactor authentication on each account to create a strong first line of defense.

Lesson learned

In Cunningham’s case, no information was compromised and access to company data was restored once she paid the ransom. But she says it was a big lesson learned – and the economic cost could be devastating for small businesses.

“You don’t think it can happen to you,” Cunningham says. “No matter how small you are, it’s worth looking at investing in protecting your data.”

Pointers

To choose a managed services provider, businesses should look for one that is available when needed, with fast response times.

“Even the best business owners are often so busy building and managing their day-to-day business, they don’t take time to look into security measures they need. A good managed services provider can assess those needs and make recommendations about steps to keep it safe,” Busby adds.