The Hidden Cost of Ignoring Cybersecurity

Computers and the digital cloud have become critical infrastructure for many businesses. However, utilizing proper cybersecurity to protect this critical digital infrastructure is often overlooked. Businesses need to think about protecting their access to their computers and their data in the same way a delivery business may have a backup delivery truck.

I encourage all business owners to consider what would happen if they suddenly lost access to their computers and all of their data. Digital technologies have become such an integral part of running a business that most operations would grind to a halt without them.

For the average business, ransomware is the primary cybersecurity threat. Ransomware gets its name because it infects a computer network, encrypting all of the data with a password that only the hacker knows. This encryption locks the data, making it inaccessible without the password. The hacker then holds the password to the data for ransom, only providing the password once the ransom has been paid. A virus like ransomware does not just affect conventional computers, it can also affect any device that is connected to the internet or on your local network such as a PLC controlling agricultural equipment. Ransomware is so prevalent that it is now a billion dollar industry with hackers even providing customer support to help a business get their data back once it’s paid the ransom.

The main attack vector for malicious software such as ransomware is phishing or, less commonly, plugging unknown devices into a network. Phishing attacks typically arrive as messages appearing to come from trustworthy sources, like a known contact, a bank, another business, or popular companies like Microsoft. These messages often contain a link or attachment that, when downloaded and opened on a computer, can begin infecting the computer. Additionally, devices such as USB drives can also introduce malicious software when connected to a computer.

Here are some considerations that you should discuss with your IT provider. If you happen to have one, do not assume that your IT provider is taking the proper steps to protect your business unless you’ve actually covered these points with them.

At a minimum, every business should maintain reliable backups of computers and data, ensuring they're protected from ransomware. Many businesses either lack adequate backups or rely on methods that ransomware can compromise, making data restoration impossible without paying the ransom. I strongly encourage business owners to verify their data backups are sufficient and safeguarded from ransomware attacks.

As a first line of defense, businesses should run antivirus and endpoint protection software on all computers. This software actively monitors systems to detect and neutralize malicious software before it infects the computer or spreads across the network.

Additionally, consider utilizing a proper firewall to protect your network. Just like a good fence on a farm keeps animals in and predators out, firewalls serve as barriers between your local network and the internet, controlling data flow and blocking suspicious activity.

It’s not uncommon to hear that a business is resistant to taking these steps because of cost considerations, but the cost of dealing with a malicious software attack such as ransomware often far exceeds the cost of these security measures. Many businesses also falsely assume that they’re too small or insignificant to be affected by something like ransomware, but a computer virus does not discriminate. Businesses with 1 computer all the way up to multi-national corporations have been affected by issues such as ransomware.

While there is no guaranteed protection against malicious attacks, taking the simple steps outlined above can dramatically reduce the risk to your business.