
The Cost of Ransomware Attacks to Businesses

Dec 08, 2020


As technology advances, more small businesses are leveraging tools and software that help with their processes. Unfortunately, these same investments are leaving organizations of all sizes open to bad actors. The truth is that cybercriminals will always manage to find a back door, and they make it their job to be one step ahead of you as a business owner.


Ransomware attacks are just one example of a threat to your business — they’re common and they can be incredibly costly and eat away at your profit margins. In fact, the average cost of a ransomware attack on a business was $713,000 between the loss of business due to downtime and the harm to its reputation. Many businesses also report that it can be anywhere from three to five days before any digital files can be accessed.


What Is Ransomware?


Ransomware is malicious software (malware) that is deployed through your IT infrastructure and quite literally holds your data hostage. Cybercriminals commonly choose one of two approaches: encryptors and screen lockers. Encryptors “jumble” the data in your system and demand a ransom in return for a key that will allow for decryption. Screen lockers simply block you from accessing data with a screen that will only be unlocked once the ransom is paid.


Part of what makes ransomware so common is that it’s easily disguised in email links or attachments and then will spread quickly. Poorly protected business networks are also a prime target for ransomware, which is essentially an automated process that doesn’t take much (if any) technical skill to deploy and manage. Employees can easily be fooled into downloading programs that may seem like work-related tools but in fact “worm” their way through the network looking for holes to burrow in. This makes regular training and continuing education about ransomware a necessity.

How Do I Protect Against Ransomware Attacks?


Having a robust ransomware protection plan in place should be an ongoing process that takes top priority. This plan needs to cover everything, from employee training for ransomware prevention to actionable tips that help maintain business continuity should an attack occur. There should also be a clear chain of communication to help navigate through a ransomware emergency, and the plan should be regularly reviewed.


Your business also needs to shore up its IT infrastructure and best practices. Data backups should be performed consistently, and firewalls should be put in place to close up vulnerabilities that cybercriminals can slip through. Restrict the software that employees can download to your business network, and patch the approved tools regularly to fix security bugs that are often missed during development. It’s important to create a culture of safety for everyone, from top to bottom.

Should I Pay The Ransom?


Even with prevention and detection in place, ransomware attacks can still happen. There’s no guarantee that businesses will get the data back if they do pay the ransom, but those that do decide to make the payment face less downtime. Ransomware payments generally involve cryptocurrencies like bitcoin, which is nearly impossible to track — great for criminals, but not great for those who need to make sure the payment was completed.


Also, the US Treasury Department has imposed sanctions on individuals and groups that have been found guilty of deploying ransomware attacks, effectively making it illegal for businesses to pay the ransom. The consequences can be staggering:


“A number of those sanctioned have been closely tied with ransomware and malware attacks, including the North Korean Lazarus Group; two Iranians thought to be tied to the SamSam ransomware attacks; Evgeniy Bogachev, the developer of Cryptolocker; and Evil Corp, a Russian cybercriminal syndicate that has used malware to extract more than $100 million from victim businesses.


Those that run afoul of OFAC sanctions without a special dispensation or ‘license’ from Treasury can face several legal repercussions, including fines of up to $20 million.”


If you haven’t done so already, it’s time to complete an audit of what kind of safety net you currently have in place. A third-party coach or consultant can help take the results of that audit and turn them into action items, helping to create a new plan, training systems for employees, and even connect you with insurance providers that offer specific cybersecurity and business continuity protection.


Getting a third-party perspective is as easy as reaching out to our team. With The Alexander Group, you can rest assured that you are working with a business coach who has sat in your chair. We’ve faced everything you face as a business owner — including ransomware.
