Advances in technology are great, but the downside is that when you use technology, you are leaving yourself open to all kinds of cyber crime and security threats. Among those threats is the risk of ransomware, which the ACCC has been steadfastly warning small businesses about following a spike in scammers targeting small businesses.

Does this all sound like gibberish to you? Don’t be alarmed just yet; instead, be informed. Let’s take a look at this cyber security threat in, hopefully, plainer and clearer terms.

What is ransomware?

Our friends at the ACCC did a wonderful job of answering that question in terms we understand. Basically, ransomware is “a type of malware that infects a computer system by restricting access unless a ransom is paid to the scammer for the restriction to be removed”. Essentially, these scammers are kidnapping your data, which includes, but is not limited to, things like your financial records and customers’ personal details.

What usually happens is that the malware is downloaded onto your computer (we touch on how that happens further below), and you then receive a message from the criminal letting you know that your files have been locked and will only be unlocked if you pay a certain amount of money.

However, given these are the types of people who commit crimes, they can hardly be trusted to unlock your files even if you do cough up the cash they’re asking for. Read: If this happens to you, do not give these people any money. Instead, report it to the authorities immediately.

The biggest concerns in terms of the effects these types of scams can have on your business include the following:

  • Loss of all company data
  • Inability to operate your business for a period of time due to inaccessible computer systems
  • Business data, including sales figures and customer details, being made publicly available

Surely no one would fall victim to these ridiculous scams, though, right?

Ransomware scams are typically successful because they tend to seem as though they are official messages from a government agency or a legitimate company (for example, Australia Post), and these messages usually come in the form of an email. Most often, these emails come with an attached file that, once opened, will install the ransomware on your computer.

While it may seem as though it would be easy to tell the difference between an email from a scammer and one that is legitimately from a government agency or business, scammers are going to great lengths to make these emails convincing.

They do things like changing or amending logos and letterheads to make them seem legitimate, or they create websites that are fake but look like the real deal. They have even managed to gain access to businesses’ correspondence with suppliers and then they copy the style of those emails so that they seem real.

Another method scammers use is pop-ups. For example, in Australia, a number of businesses and consumers reported receiving pop-up alerts claiming to be from the Australian Federal Police saying that the user had visited an illegal website. These pop-ups contain links, which, when clicked, download malware onto your computer.

In short: Even the smartest among us can fall victim to these scams.

How often do ransomware scams happen?

The statistics are both surprising and rising. The ACCC says that in 2014 it received more than 2,500 ransomware and malware complaints from small businesses and consumers, with nearly $1 million lost to scammers. And these figures only represent the ransomware and malware complaints that were reported, so it’s believed the actual figures are much higher.

The big takeaway here is that ransomware is only going to become a bigger threat as businesses adjust to technological advances. This is a very real issue that has the potential to significantly impact your business and it’s becoming more and more common.

Small businesses, in particular, are a common target for scammers because larger businesses tend to have greater resources to combat the risk of these scams, including staff whose key responsibilities are aimed at keeping company data safe.

But we’re not aiming to scare you here. All hope is not lost, which leads us to…

How can I protect my small business against these scams?

The following super-solid advice will enhance your chances of not becoming a scam victim:

  • Get a pop-up blocker, which will pop things down before they can pop up.
  • Get yourself a firewall, as well as some decent anti-spyware and anti-virus software.
  • Back up your data on a separate hard drive and do it often — this means you’ll have access to your data even if you do fall victim to ransomware.
  • Be aware that government departments won’t usually try to communicate with you in the form of an email or a pop-up. And if they do happen to send you an email, they usually won’t ask you to download a file or click on a link.
  • If you get an email from an organisation — be it a government department, a well-known company or a company you do business with — and it seems a bit dodgy to you, don’t open any attachments, click on any links or make contact using the details provided in the email. Instead, go to their website to get their contact details and call that organisation directly to confirm the email is legit.
  • Emails that you seemingly receive out of nowhere are a warning sign, particularly if they contain zip files or .exe files — which you should absolutely not click or download.

Where can I get more information?

ScamWatch has a bunch of resources specifically for small businesses — what wondrous news!