Ransomware attacks on small businesses are on the rise; best practices for preventing one.


Here is a great up to date article

By Andy Medici  –  Senior Reporter, The Playbook,


Small businesses are increasingly a target-rich environment for cyber criminals, scammers and ransomware groups — and an attack can cost business owners plenty.

Nitin Natarajan, deputy director for the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security, spoke with The Playbook about the rapidly evolving threats in the cybersecurity landscape and what business owners can do to protect themselves.

“At the end of the day, we are all potentially vulnerable. The days of only being worried about large organizations are gone,” Natarajan said. “We are seeing phishing attempts, ransomware against small local governments, small businesses and medium-size businesses around the nation.”

Just in 2021, the FBI received nearly 20,000 complaints about business email compromise scams and attacks with losses of about $2.4 billion, according to a recent report. Those scams involved hijacking existing email accounts and asking for money or critical information that is then used against the business.

Data from AdvisorSmith found 42% of small businesses experienced a cyberattack in the last year, while 69% are concerned about cyberattacks in the coming year. The most common form of cyberattack reported by small-business owners was phishing attempts, while the next most prominent was data breaches.

Natarajan said the potential list of victims is growing exponentially as hackers become more sophisticated. While in years past, it was easy to tell a phishing attack from its bad grammar or spacing, these efforts are now much harder to spot.

“But now we have ransomware-as-a-service. If you wanted to start your own cyber-terrorist organization, you used to have to know people,” Natarajan said. “You don’t have to do that anymore. Now all you need is bitcoin and an enemy, and you can hire people to do this for you.”

He offered some basic tips on how to start preparing your business.

  • Don’t tape your passwords to your keyboard: That’s not meant to be dismissive, according to Natarajan. Small-business owners need to up their game when it comes to their login information. Opt in to multi-factor authentication whenever possible. Choose banks, vendors and services that offer higher levels of security as part of a conscious effort to protect your own personal information and those of your business or employees.
  • Think before you click: Take a moment to read through emails or messages before clicking any link, Natarajan said. Take a look at the sender’s email address to ensure that it is coming from the business or person they claim to be. Hover over any links to see where the destination is. When in doubt, take a minute to think critically about it.
  • Understand the risks: Every business owner needs to both understand the risks and work to mitigate them through software or other best practices, Natarajan said. But once those are done, business owners need to be aware of remaining risks and consciously opt into them in order to be prepare for whatever might happen.
  • Explore cyber insurance: Not every business needs to have cyber insurance, and that type of insurance is often becoming harder to get or qualify for, he said. Think about where you sit in the supply chain and where your services or products are going. A bakery with a point-of-sales system might not need cyber insurance, but a firm whose parts or expertise goes into critical equipment or infrastructure might want to explore their options.
  • Look at your suppliers: Try to find out how secure your critical suppliers are. While that information is not easily available, the last thing you want is a vulnerability that is passed along to you by a service provider.
  • Visit CISA.gov: The website is full of resources for small business owners written in a non-technical manner, Natarajan said.  They help define terms such as phishing and offer simple steps for laypeople to both educate themselves and their employees.

“The ransoms that they are asking for have the potential to bankrupt small businesses. When it’s a small business that’s been in a family for generations, you don’t want to be the reason something has happened,” he said.

A majority of small-business owners and business leaders believe a cyberattack on their own company is inevitable — but many haven’t taken steps to prevent an attack.

That’s according to the Travelers Insurance 2022 Travelers Risk Index, which found 59% of business leaders worry a great deal about cyber threats. That echoes other surveys that have found cybersecurity is one of the top concerns for business owners, even at a time of elevated inflation, recession fears and hiring challenges.

Small Business Administrator Isabel Guzman said back in May that cybersecurity was a big challenge facing business owners. She also said the agency wanted to help small businesses prepare for and deal with cyberattacks, adding that about 25% of small-business owners are impacted by the issue and the average cost of that fallout is $25,000 — and half of the affected small businesses don’t end up surviving.

Earlier this year the SBA rolled out a new $3 million pilot program to help small businesses develop stronger cybersecurity protections.



Entrepreneurs will save the world, and we want to help.  In the Argent Place Laws vision of a perfect world, every household will have at least one entrepreneur.