Article by Brandon Bowers
These costs are one reason why ransomware attacks are particularly damaging to small businesses, 60 percent of which are forced to go out of business within six months following a breach.
PROTECTING AGAINST RANSOMWARE ATTACKS
One of the first steps small- and mid-size businesses should take to protect themselves against ransomware attacks is understanding how these scams begin. Countless studies have found that the most common ways criminals access victims’ systems are 1) phishing scams, in which users are tricked into clicking on malicious links or attachments contained in emails, and 2) stolen or compromised credentials, such as users’ login names and passwords. However, there are several strategies businesses and nonprofits can employ to minimize these risks, starting with the following:
ESTABLISH SMART POLICIES
- Recognize and adhere to cybersecurity standards required for your industry.
- Proactively develop and regularly test your incident response plan (IRP).
- Share best practices for how all members of the organization can protect themselves from cybersecurity risks, such as using strong passwords and password-management solutions.
EDUCATE EMPLOYEES
- Establish a plain-language security-awareness program and train users to identify phishing scams and avoid falling victim to these and other social engineering attacks.
- Require employees to participate in simulation exercises to test their level of social engineering awareness.
MAINTAIN A STRONG DEFENSE
Employ a multi-layered approach to your cybersecurity program, ensuring your strategies protect your most critical information system assets across various environments.
- Keep software up to date.
- At a minimum, deploy next-generation firewalls and managed detection and response (MDR) systems.
- Leverage a password manager to reduce the poor password practices that widen exposure when credentials are compromised.
- Conduct regular risk assessments, vulnerability analyses and penetration testing to understand your risks and to develop your security roadmap.
About the Author: Brandon Bowers is director of Managed Cyber Security Solutions with Berkowitz Pollack Brant Advisors + CPAs, where he provides businesses, professional services firms and family offices with business continuity and recovery, cybersecurity and fully outsourced help desk services. He can be reached at the CPA firm’s Ft. Lauderdale, Fla., office at (954) 712-7000 or info@bpbcpa.com.
Compliments of Berkowitz Pollack Brant Advisors + CPAs – A Member of the EACCNY