
Cybersecurity for SMBs: Protecting Your Business from Ransomware

January 28, 2025 by Heather Lawrence

Ransomware is one of the most dangerous cybersecurity threats facing businesses today. For small and medium-sized businesses (SMBs) without dedicated cybersecurity staff, the idea of protecting against ransomware can seem overwhelming, if not impossible. However, implementing basic measures can go a long way in safeguarding your operations. This guide focuses on practical steps SMBs can take to fortify their defenses, with an emphasis on identifying and protecting critical assets using the NIST Cybersecurity Framework.


The NIST Cybersecurity Framework for Small Businesses

The National Institute of Standards and Technology (NIST) offers a robust framework to guide businesses in managing cybersecurity risks. The framework consists of five core functions: Identify, Protect, Detect, Respond, and Recover. For SMBs starting their cybersecurity journey, focusing on the Identify and Protect phases is the most impactful.

Identify Phase:
  • Take stock of all the tech and data you use for business operations
    • We must know what assets we’re protecting
  • Map out the interconnections between systems
    • Which of these assets talk to other assets?
  • Understand risks associated with each asset
    • Hardware:
      • Are assets, like laptops, physically secured? How?
      • Who has access to these devices?
      • Are work assets only accessed on a work device, or are personal devices also a factor?
    • Software:
      • Is your operating system (Windows, Linux, macOS) up to date?
      • Do you have antivirus installed and how often is it run?
    • Data:
      • Is critical data stored with, or processed by, a third party?

Protect Phase:
  • Implement firewalls and antivirus software
  • Strengthen access controls
    • Do you know who has permission to access which assets, and why?
  • Establish data encryption
    • Is critical data encrypted in-transit (when communicating over the Internet with others) and at-rest (when sitting in a database or a spreadsheet)?
      • Recall that encryption is a technique to transform plain text data into unreadable ciphertext that looks like gibberish to anyone without the right key.
    • Which encryption methods are used and are they appropriate for your use case?
  • Establish regular backups
    • Do you use the 3-2-1 rule?
    • If backups aren’t refreshed periodically, the gap between current operating data and the backup data could result in significant downtime when trying to return to normal.
  • Plan for breach response
    • If a breach should happen, what is the plan to get your business back to normal?

By systematically working through these phases, SMBs can build a strong foundation for cybersecurity, but this can seem overwhelming to businesses that are just starting.


Start by Identifying Your "Crown Jewels"

Every business has critical assets—"Crown Jewels"—that are essential to operations. These could take the form of a QuickBooks accounting file, Shopify store data, PII (personally identifiable information, such as a date of birth), proprietary software, financial records, or intellectual property. Identifying these assets is the first step in protecting them. It might feel like a lot, but you don’t have to do it all at once. Start small and build as you go.

Questions to Ask:

  1. What data or systems are essential to running the business?
  2. What would cause significant operational disruption if compromised?
  3. What would have the most severe impact if leaked to the public or competitors?

By understanding what’s critical, you can prioritize security measures around these assets.


Access Control: Who Really Needs Access to What?

Access control is a key component of ransomware prevention. Limit who can access your Crown Jewels to only those who need it to perform their roles. This principle of "least privilege" reduces the risk of accidental or malicious exposure.

Best Practices:

  • Start by listing who currently has access to your key assets and why.
  • Use unique login credentials for each user – no shared accounts!
  • Implement multi-factor authentication (MFA) for sensitive accounts.
    • Another source of authentication, aside from a password, helps validate the user is authorized to access that asset. If a password is compromised, the additional source provides another layer of security.
  • Regularly review and update user permissions.
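The access review in the list above can be turned into a repeatable check. The script below is an added example, not code from the original post: it takes a constructed role-to-asset mapping, a constructed list of user accounts, and a constructed set of critical assets, and flags grants a role does not justify, shared accounts, and accounts that reach critical assets without MFA. The asset and user names are sample data; in practice you would export them from your identity provider or each application's admin console.

```python
"""Least-privilege access review: flag grants that a user's role does not justify.

Added example, not from the original post. ROLE_ENTITLEMENTS, CROWN_JEWELS and
SAMPLE_USERS are constructed sample data standing in for a real export.
"""
from dataclasses import dataclass, field

# Constructed: the assets each role legitimately needs to do its job.
ROLE_ENTITLEMENTS = {
    "bookkeeper": {"quickbooks", "bank-portal"},
    "store-manager": {"shopify-admin", "shared-drive"},
    "sales": {"shopify-admin"},
}

# Constructed: the "Crown Jewels" whose compromise would hurt most.
CROWN_JEWELS = {"quickbooks", "bank-portal", "shopify-admin"}


@dataclass
class User:
    name: str
    role: str
    grants: set = field(default_factory=set)  # assets the account can reach today
    mfa_enabled: bool = False
    shared: bool = False  # True for generic logins (e.g. office@) used by several people


def review_access(users):
    """Return (account, finding) pairs; an empty list means nothing needs fixing."""
    findings = []
    for u in users:
        allowed = ROLE_ENTITLEMENTS.get(u.role, set())
        # Anything granted beyond the role's entitlements violates least privilege.
        for asset in sorted(u.grants - allowed):
            findings.append((u.name, f"excess grant: {asset} not needed for role {u.role}"))
        # Shared accounts make logs useless for attributing actions to a person.
        if u.shared:
            findings.append((u.name, "shared account: replace with individual logins"))
        # A password alone is not enough for accounts that reach critical assets.
        if not u.mfa_enabled and (u.grants & CROWN_JEWELS):
            findings.append((u.name, "MFA missing on account with access to critical assets"))
    return findings


# Constructed sample accounts.
SAMPLE_USERS = [
    User("alice", "bookkeeper", {"quickbooks", "bank-portal"}, mfa_enabled=True),
    User("bob", "sales", {"shopify-admin", "quickbooks"}, mfa_enabled=False),
    User("office@example", "store-manager", {"shared-drive"}, shared=True),
]

if __name__ == "__main__":
    for account, finding in review_access(SAMPLE_USERS):
        print(f"{account}: {finding}")
```

Running the script against the sample data reports Bob's unneeded QuickBooks access and missing MFA, and the shared office account; Alice, whose grants match her role and who has MFA, produces no findings. Re-running it after each quarterly review is the "regularly review and update" step made concrete.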


Keep an Eye on What’s Happening

Logging activities in your systems is essential for detecting suspicious behavior. While logs won’t stop an attack, they provide valuable insights to identify, investigate, and respond to incidents.

What to Log:

  • Login attempts and access to critical systems.
  • Changes to files or permissions.
  • Unusual data transfer activity.

Pro Tip: Set up automated alerts for anomalies such as repeated failed login attempts or data access during odd hours or from odd locations.
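The alerts described in the Pro Tip can be prototyped in a few dozen lines before buying a monitoring product. The script below is an added example, not code from the original post. It assumes a constructed, simplified login log format (timestamp, result, user, source address), a constructed office network range, and a constructed business-hours window; it raises an alert for a burst of failed logins, for a successful login outside business hours, for a successful login from an address outside the known network, and for a success that follows a burst of failures.

```python
"""Simple anomaly alerts over login logs: repeated failures, off-hours access,
and logins from unfamiliar addresses.

Added example, not from the original post. The log format, the sample lines,
KNOWN_NETWORKS and BUSINESS_HOURS are all constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample log: "<timestamp> LOGIN <OK|FAIL> user=<name> src=<address>"
SAMPLE_LOG = """\
2025-01-28T09:02:11 LOGIN OK   user=alice src=192.168.10.5
2025-01-28T09:05:40 LOGIN FAIL user=bob   src=203.0.113.7
2025-01-28T09:05:52 LOGIN FAIL user=bob   src=203.0.113.7
2025-01-28T09:06:03 LOGIN FAIL user=bob   src=203.0.113.7
2025-01-28T09:06:15 LOGIN FAIL user=bob   src=203.0.113.7
2025-01-28T09:06:30 LOGIN FAIL user=bob   src=203.0.113.7
2025-01-28T09:07:02 LOGIN OK   user=bob   src=203.0.113.7
2025-01-28T23:41:19 LOGIN OK   user=carol src=192.168.10.22
"""

KNOWN_NETWORKS = [ip_network("192.168.10.0/24")]  # constructed: the office LAN
BUSINESS_HOURS = (8, 18)   # 08:00 to 17:59 counts as normal working hours
FAIL_THRESHOLD = 5         # this many failures for one user ...
FAIL_WINDOW = timedelta(minutes=10)  # ... within this window triggers an alert


def parse_line(line):
    """Split one constructed log line into its fields."""
    ts, _, result, user_kv, src_kv = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "ok": result == "OK",
        "user": user_kv.split("=", 1)[1],
        "src": ip_address(src_kv.split("=", 1)[1]),
    }


def detect(log_text):
    """Return (timestamp, user, message) alerts in the order they fire."""
    alerts = []
    recent_fail = defaultdict(deque)  # user -> timestamps of failures inside the window
    flagged = set()                   # users already alerted for a failure burst
    window_min = int(FAIL_WINDOW.total_seconds() // 60)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        user, ts = ev["user"], ev["ts"]
        if not ev["ok"]:
            q = recent_fail[user]
            q.append(ts)
            while q and ts - q[0] > FAIL_WINDOW:   # drop failures older than the window
                q.popleft()
            if len(q) >= FAIL_THRESHOLD and user not in flagged:
                flagged.add(user)
                alerts.append((ts, user, f"{len(q)} failed logins within {window_min} minutes"))
            continue
        # Successful login: check the time of day, the source, and prior failures.
        if not (BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1]):
            alerts.append((ts, user, "successful login outside business hours"))
        if not any(ev["src"] in net for net in KNOWN_NETWORKS):
            alerts.append((ts, user, f"successful login from unfamiliar address {ev['src']}"))
        if user in flagged:
            alerts.append((ts, user, "successful login after a burst of failures"))
    return alerts


if __name__ == "__main__":
    for ts, user, msg in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user}: {msg}")
```

On the sample log, Bob's five failures inside two minutes fire one alert, his subsequent success from an address outside the office network fires two more (unfamiliar address, success after failures), and Carol's 23:41 login is flagged as off-hours. Real logs need a parser for their own format, but the three rules are the same ones a commercial alerting tool would let you configure.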


Backups: Your Secret Weapon Against Ransomware

Backups can save your business in the event of a ransomware attack. The ability to restore operations quickly and without paying a ransom makes a solid backup strategy a cornerstone of your defense.

Backup Tips:

  1. Use the 3-2-1 rule: Keep three copies of your data, on two different media, with one copy stored offsite.
  2. Test backups regularly to ensure they’re functioning and up to date.
  3. Backups must be isolated from the main network to prevent ransomware from spreading to them.
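The three backup tips can be checked automatically. The script below is an added example, not code from the original post: it evaluates a constructed backup set against the 3-2-1 rule, confirms at least one copy is isolated from the network, verifies each copy's checksum against the value recorded when it was taken, and flags copies older than a constructed one-day policy. The copies are small byte strings standing in for real backup files; in practice you would read each file from its storage location.

```python
"""Backup sanity check: the 3-2-1 rule, network isolation, copy integrity and freshness.

Added example, not from the original post. BACKUP_SET, MAX_AGE and NOW are
constructed; the "content" fields stand in for the bytes of real backup files.
"""
import hashlib
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=1)  # constructed policy: a copy older than this is stale
# Fixed "current time" so the example is reproducible; use datetime.now(timezone.utc) in practice.
NOW = datetime(2025, 1, 28, 12, 0, tzinfo=timezone.utc)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed: the data that was backed up and three copies of it.
GOOD = b"customers.csv snapshot 2025-01-28"
BACKUP_SET = [
    {"name": "local-disk", "media": "disk", "offsite": False, "offline": False,
     "taken_at": NOW - timedelta(hours=2), "content": GOOD, "expected": sha256_hex(GOOD)},
    # The USB copy has a flipped byte: it will fail the integrity check.
    {"name": "usb-drive", "media": "usb", "offsite": False, "offline": True,
     "taken_at": NOW - timedelta(hours=3), "content": GOOD[:-1] + b"X", "expected": sha256_hex(GOOD)},
    # The cloud copy is intact but nine days old: it will fail the freshness check.
    {"name": "cloud-bucket", "media": "cloud", "offsite": True, "offline": True,
     "taken_at": NOW - timedelta(days=9), "content": GOOD, "expected": sha256_hex(GOOD)},
]


def check_backups(copies, now=NOW):
    """Return a list of human-readable findings; empty means the backup set passes."""
    findings = []
    # 3-2-1: three copies, two media types, one offsite.
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies; the 3-2-1 rule calls for three")
    if len({c["media"] for c in copies}) < 2:
        findings.append("all copies are on the same kind of media; use at least two")
    if not any(c["offsite"] for c in copies):
        findings.append("no copy is stored offsite")
    # Isolation: ransomware on the network must not be able to reach every copy.
    if not any(c["offline"] for c in copies):
        findings.append("no copy is isolated from the network; ransomware could reach all of them")
    # Integrity and freshness of each copy.
    for c in copies:
        if sha256_hex(c["content"]) != c["expected"]:
            findings.append(f"{c['name']}: checksum mismatch, copy is corrupted or tampered")
        age = now - c["taken_at"]
        if age > MAX_AGE:
            findings.append(f"{c['name']}: last refreshed {age.days} days ago, exceeds policy")
    return findings


if __name__ == "__main__":
    for f in check_backups(BACKUP_SET) or ["backup set passes all checks"]:
        print(f)
```

Against the sample set the 3-2-1 structure passes, but the USB copy fails its checksum and the cloud copy is nine days stale; both are exactly the problems a restore attempt would surface too late. Recording the checksum at backup time and re-verifying it on a schedule is the cheapest way to make "test backups regularly" routine.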


Help Your Team to Recognize Social Engineering

Human error is a leading cause of ransomware infections. Social engineering tactics like phishing emails are often used to trick employees into clicking malicious links or downloading malware.

Training Tips:

  • Conduct regular cybersecurity awareness sessions.
  • Simulate phishing attacks and have a procedure to teach employees how to respond to a phishing email.
  • Emphasize the importance of verifying requests for sensitive information, even if they appear legitimate.


Protect Data at Rest and in Transit

Ransomware thrives on exploiting unsecured data. Encrypting sensitive data ensures that even if it is accessed or copied, it cannot be read without the key.

Steps to Secure Data:

  1. Encrypt files and databases containing sensitive information.
  2. Use secure protocols (like HTTPS) for data transfer.
  3. Regularly update software to patch vulnerabilities.


Stay Compliant with Regulatory Requirements

Many industries have regulations that mandate cybersecurity measures. Whether it’s HIPAA, GDPR, or CCPA, compliance can also protect your business from ransomware.

What to Do:

  • Identify the regulations relevant to your business.
  • Check in regularly to make sure you’re following the rules that apply to your business.
  • Document policies and train employees on regulatory standards.


Final Thoughts

Ransomware attacks are a growing threat, but they are not insurmountable. By taking the time to identify your critical assets, enforce access controls, maintain backups, and train your team, you can significantly reduce your risk. Start small, build your defenses, and as your business grows, so can your cybersecurity measures. Every step adds up to a stronger defense for your business. You can do this! Need further assistance? EquityTech Consulting is appreciated by our customers for providing help tailored to their organizations.

Stay tuned for our next post, where we’ll dive deeper into the Detect, Respond, and Recover phases of the NIST framework.
