Within hours, a cyberattack can disable your business all with just a click on a computer. Many organizations don’t realize that cyberattacks have become increasingly common in businesses of all sizes and can cause an organization’s computer system to shut down for days or weeks. Company financial data and customer information can be stolen before you even know a cybercriminal has accessed your computer system. Even worse, a ransomware attack can leave a business with no choice, but to pay a significant ransom to a cybercriminal before a business can even start to get back up and running.  

What is a cyberattack?

A cyberattack is when a cybercriminal or group of criminals access your business’ computer system/computer network with the sole intent to wreak havoc on your business by shutting it down, causing the business to lose revenue, and/or to lose customers.  

The cybercriminal will steal information, including customer credit card numbers and other Personally Identifiable Information (“PII”) and sell it on the dark web, which will result in identity theft for your customers. It’s also not unusual for a cybercriminal to hack into an employee data base and put your employees at risk for identity theft as well. Once the cybercriminal is inside your computer system, they can see and potentially steal all types of information, including propriety business plans, financial information and confidential data. They see it all. 

In a ransomware attack,  a cybercriminal steals customers’ PII and threatens to disclose it or sell it on the dark web, if the business does not pay a “ransom” to the cybercriminal. During a ransomware attack, the cybercriminal “encrypts” (freezes and shuts down) a computer system, including any software used to run the business. They literally hold the business’ computer system hostage until a ransom is paid.  

The cybercriminal leaves a “ransom note” and sets a deadline for payment of the ransom, which usually needs to be paid in crypto currency such as bitcoin or monero. Then the race is on for you to try to “decrypt” (unfreeze and get back up and running) before the cybercriminal increases its demand or just disappears leaving you with a  dead computer system and with no access to your data.

Who are these cybercriminals? 

Cybercriminals, like all criminals, come from all walks of life and commit cyberattacks for any number of reasons. There are criminals whose main objective is to make money through selling data to other criminals to use in identity theft, steal trade secrets or proprietary information, or simply turn a profit by extorting a ransom payment. The motive of these cybercriminals can be anything from financial gain, to malice against a current or former employee, or, in some cases, the motive is political.

How does a cyberattack happen? 

The scariest part of cybercrime is that there are a number of ways for a cybercriminal to access your computer network. One way is to gain access through a laptop or desktop by hacking passwords. Another way is to gain access through vulnerabilities in your system such as a software that you use that creates an opening. Cyber criminals tend to access your computers and look around for a long period of time to gather information and data that they can use to harm your business or to extort money. 

 The sophisticated cybercriminal will gain access to your system, go through financial files, employee records, tax documents, customer lists and proposals, propriety and confidential information, and whatever else they can find to figure out the best way to extort money from you and increase their financial gain. Some common access point include the following: 

• Phishing emails: Phishing emails create easy access for cybercriminals to hack into your computer network. Phishing emails are emails that look legitimate and from a trusted source, but contain a link or attachment with a malicious code. When a computer user opens the attachment or click on the link, the code is run and your computer becomes infected with malware (software used to allow access to your system). The malware easily moves through your business’ network or connection of computers and, just like that, the cybercriminal has access to everything that your business stores on its computers.

• Viruses: A computer virus is a type of malware that “infects” your entire computer system and provides a way for the cybercriminal to gain access to your system.

• Ransomware: Ransomware is another type of malware which is used to encrypt your computer system and significantly limit or completely shut down your system until you pay a ransom. Ransomware is also used to steal data and PII that the cybercriminals threaten to disclose or post on the dark web unless you pay the ransom.  

What can you do to protect your business from being debilitated by a cyberattack? Unfortunately, just like all individuals cannot fully protect themselves from being a victim of a crime, all businesses cannot fully protect themselves from a cyberattack.

However, there are steps a business can take that make it harder for a cybercriminal to access your systems and cause injury to your business:

• Anti-virus protection: Installing anti-virus software and updating it as instructed is the first step to thwarting access to your system. Never forget to update or the software will be useless.

• Passwords: Every employee needs to use a strong and unique password that is changed frequently.  This seems so simple but this advice is rarely followed. Many cybercriminals hack into systems by “credential stuffing,” which means they run stolen databases until they find a password that matches.  The more complicated your employees’ passwords are, and the more frequently they are changed, the harder it is for a cybercriminal to hack. 

• Two factor or multifactor authentication: It’s sound more complicated than it is. Instead of just logging into a computer with a password, having another requirement, such as a token that is easily accessible on a cell phone app and entered with the password, will make access by a cybercriminal much more difficult, if not impossible, to access your system through a password hack.

• Back up your computers: If a cybercriminal does access your system and your data is backed up and the backups are kept on a separate device or offline, you will more likely be able to continue your daily business and contact with your customers. 

• Secure all laptops: It’s easy to misplace or keep your laptop in an open area where someone can walk away with it. Once you lose control and access to your laptop, a hacker has all the time in the world to access the computer and do damage to your entire network. 

Cyber criminals know no boundaries. The only way to keep ahead of them is to be vigilant in keeping your computer system secure. It’s the first and best response to protecting your business from being one of the many businesses that fall victim to these criminals.