America’s 30 million small businesses create about two out of every three new jobs in the U.S. each year, and more than half of Americans either own or work for a small business. Small businesses play a key role in the economy and in the nation’s supply chain, and they are increasingly reliant on information technology to store, process and communicate information. Protecting this information against increasing cyberthreats is critical.
Small employers often don’t consider themselves targets for cyberattacks due to their size or the perception that they don’t have anything worth stealing. However, small businesses have valuable information cybercriminals seek, including employee and customer data, bank account information and access to the business’s finances, and intellectual property. Small employers also provide access to larger networks such as supply chains.
While some small employers already have robust cybersecurity practices in place, many small firms lack sufficient resources or personnel to dedicate to cybersecurity. Given their role in the nation’s supply chain and economy, combined with fewer resources than their larger counterparts to secure their information, systems, and networks, small employers are an attractive target for cybercriminals.
The Department of Homeland Security (DHS) established October as National Cyber Security Awareness Month to educate the public and business owners about cybersecurity. As a small business owner, now is the time to take stock of your cybersecurity health: understand why securing your information matters, identify your risks and the types of cyberthreats you face, and learn best practices for guarding against them. Understanding the threat environment and your own vulnerabilities can help you make sound, risk-based decisions about investing in cybersecurity protection. The information and resources below are designed to help small employers better protect the data of their customers, employees, and business partners.
If Your Business Has Been the Victim of a Cyberattack
- Inform local law enforcement or the state attorney general as appropriate.
- Report stolen finances or identities and other cybercrimes to the Internet Crime Complaint Center.
- Report fraud to the Federal Trade Commission.
- Report computer or network vulnerabilities to US-CERT via the hotline: 1-888-282-0870 or the US-CERT website.
The Cybersecurity and Infrastructure Security Agency (CISA) has observed an increase in ransomware attacks across the world. Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.
Ransomware can be devastating to an individual or an organization. Anyone with important data stored on their computer or network is at risk, including government or law enforcement agencies and healthcare systems or other critical infrastructure entities. Recovery can be a difficult process that may require the services of a reputable data recovery specialist, and some victims pay to recover their files. However, there is no guarantee that individuals will recover their files if they pay the ransom.
CISA recommends the following precautions to protect users against the threat of ransomware:
- Update software and operating systems with the latest patches. Outdated applications and operating systems are the target of most attacks.
- Never click on links or open attachments in unsolicited emails.
- Back up data on a regular basis. Keep the backups on a separate device and store them offline, so that ransomware reaching the network cannot encrypt them as well.
- Follow safe practices when browsing the Internet. Read Good Security Habits for additional details.
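How the backup advice above (and the fuller recommendation later on this page to perform and test regular backups, with critical copies isolated from the network) plays out in practice, as an added example that is not CISA's code: the Python script below writes a compressed archive together with a SHA-256 manifest, restores it into a scratch directory to prove it can actually be restored, then simulates an infection that overwrites and renames every file it can reach. The directory names, sample files and the infection stand-in are constructed for the demonstration; the "offline-disk" folder represents a drive that is unplugged after the backup is written, which the code can only model, not enforce.

```python
"""Backups with an integrity manifest and a restore test.

Added example, not CISA's code. Directory names ("live", "offline-disk",
"network-share") and the ransomware stand-in are constructed for the demo;
"offline-disk" plays the role of a drive disconnected after the backup is written.
"""
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_for(archive: Path) -> Path:
    """<label>.tar.gz -> <label>.sha256, stored next to the archive."""
    return archive.with_name(archive.name[: -len(".tar.gz")] + ".sha256")


def make_backup(source: Path, dest: Path, label: str) -> Path:
    """Archive source and record a SHA-256 for every file so a restore can be checked."""
    archive = dest / f"{label}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    lines = [f"{sha256_file(p)}  {p.relative_to(source).as_posix()}"
             for p in sorted(source.rglob("*")) if p.is_file()]
    manifest_for(archive).write_text("\n".join(lines) + "\n")
    return archive


def verify_restore(archive: Path, scratch: Path) -> bool:
    """Restore into scratch and compare every file with the manifest; False on any problem."""
    try:
        with tarfile.open(archive, "r:gz") as tar:
            try:
                tar.extractall(scratch, filter="data")   # refuses absolute/.. paths (3.12+)
            except TypeError:
                tar.extractall(scratch)                  # older Pythons lack the filter keyword
        for line in manifest_for(archive).read_text().splitlines():
            digest, rel = line.split("  ", 1)
            target = scratch / rel
            if not target.is_file() or sha256_file(target) != digest:
                return False
        return True
    except (tarfile.TarError, OSError, ValueError):
        return False


def simulate_ransomware(folder: Path) -> None:
    """Stand-in for an infection: overwrite every reachable file with junk and rename it."""
    for p in [q for q in folder.rglob("*") if q.is_file()]:
        p.write_bytes(os.urandom(p.stat().st_size + 16))
        p.rename(p.with_name(p.name + ".locked"))


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        live, offline, share = root / "live", root / "offline-disk", root / "network-share"
        (live / "accounts").mkdir(parents=True)
        (live / "accounts" / "ledger.csv").write_text("date,amount\n2024-01-02,100\n")
        (live / "customers.txt").write_text("Alice\nBob\n")
        for d in (offline, share):
            d.mkdir()
        # The same backup goes to a disk that is then unplugged and to an always-mounted share.
        offline_copy = make_backup(live, offline, "2024-01-03")
        share_copy = make_backup(live, share, "2024-01-03")
        results = {"verified_at_backup_time": verify_restore(offline_copy, root / "check")}
        # The infection reaches the workstation and the mounted share, not the unplugged disk.
        simulate_ransomware(live)
        simulate_ransomware(share)
        results["live_ledger_intact"] = (live / "accounts" / "ledger.csv").exists()
        results["share_copy_restorable"] = verify_restore(share_copy, root / "from-share")
        results["offline_copy_restorable"] = verify_restore(offline_copy, root / "from-offline")
        results["restored_ledger"] = (root / "from-offline" / "accounts" / "ledger.csv").read_text()
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The point of the manifest is that a backup which opens and extracts is not yet proven good: a copy that an infection reached, or a disk that corrupted silently, only shows up when the restored files are hashed against what was recorded at backup time. Run the verification on a schedule, not just once when the backup job is set up.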
In addition, CISA also recommends that organizations employ the following best practices:
- Restrict users’ permissions to install and run software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
- Use application whitelisting to allow only approved programs to run on a network.
- Enable strong spam filters to prevent phishing emails from reaching end users, and authenticate inbound email (for example with SPF, DKIM and DMARC checks) to prevent email spoofing.
- Scan all incoming and outgoing email to detect threats, and filter executable attachments so they never reach end users.
- Configure firewalls to block access to known malicious IP addresses.
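What "authenticate inbound email" means in practice is shown by the following added example, which is not CISA's or US-CERT's code. It reads the Authentication-Results header that a receiving mail server attaches after checking SPF, DKIM and DMARC, compares the authenticated domain with the domain in the visible From: address, and decides whether to accept, tag or quarantine the message. The sample headers, the domain names and the three-way decision are constructed for the example, and the organizational-domain rule is simplified to the last two labels rather than using the Public Suffix List as real DMARC does.

```python
"""Decide whether an inbound message is spoofed from its Authentication-Results header.

Added example, not CISA or US-CERT code. The sample messages and domain names are
constructed; a real gateway would read the header its own mail server adds (RFC 8601).
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed samples, not real mail. Each has the header a receiving server would add.
LEGIT = """\
Authentication-Results: mx.smallbiz.example; spf=pass smtp.mailfrom=bank.example; dkim=pass (2048-bit key) header.d=bank.example; dmarc=pass header.from=bank.example
From: Payments <alerts@bank.example>
To: owner@smallbiz.example
Subject: Statement ready

Your statement is ready.
"""

SPOOFED = """\
Authentication-Results: mx.smallbiz.example; spf=pass smtp.mailfrom=bulk-sender.example; dkim=none; dmarc=fail header.from=bank.example
From: Payments <alerts@bank.example>
To: owner@smallbiz.example
Subject: Urgent wire

Please wire funds today.
"""

UNAUTHENTICATED = """\
Authentication-Results: mx.smallbiz.example; spf=none; dkim=none; dmarc=none header.from=plumber.example
From: Joe <joe@plumber.example>
To: owner@smallbiz.example
Subject: Quote

Quote attached.
"""


def parse_auth_results(header: str) -> dict:
    """Return {method: {"result": value, "<ptype.property>": value, ...}}."""
    header = re.sub(r"\([^)]*\)", "", header)      # drop comments such as "(2048-bit key)"
    results = {}
    for part in header.split(";")[1:]:             # the first part is the authserv-id
        tokens = part.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        info = {"result": result.lower()}
        for tok in tokens[1:]:
            if "=" in tok:
                key, value = tok.split("=", 1)
                info[key.lower()] = value.lower()
        results[method.lower()] = info
    return results


def org_domain(domain: str) -> str:
    """Simplification: last two labels. Real DMARC uses the Public Suffix List."""
    return ".".join(domain.lower().strip(".").split(".")[-2:])


def aligned(authenticated: str, visible: str) -> bool:
    return bool(authenticated) and bool(visible) and org_domain(authenticated) == org_domain(visible)


def classify(raw: str) -> str:
    """'accept', 'tag' (deliver with a warning banner) or 'quarantine'."""
    msg = email.message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2]
    ar = parse_auth_results(str(msg.get("Authentication-Results", "")))
    spf, dkim = ar.get("spf", {}), ar.get("dkim", {})
    dmarc = ar.get("dmarc", {}).get("result")
    if dmarc == "pass":
        return "accept"
    spf_ok = spf.get("result") == "pass" and aligned(spf.get("smtp.mailfrom", ""), from_domain)
    dkim_ok = dkim.get("result") == "pass" and aligned(dkim.get("header.d", ""), from_domain)
    if spf_ok or dkim_ok:
        return "accept"          # sender has no DMARC record, but an aligned check passed
    if dmarc == "fail" or spf.get("result") == "pass" or dkim.get("result") == "pass":
        return "quarantine"      # authenticated as some other domain: the From: is forged
    return "tag"                 # nothing to go on: deliver, but mark it as unauthenticated


if __name__ == "__main__":
    for label, sample in (("legit", LEGIT), ("spoofed", SPOOFED), ("unauthenticated", UNAUTHENTICATED)):
        print(f"{label}: {classify(sample)}")
```

Two caveats a practitioner should keep in mind: these checks only catch a forged From: domain, so a lookalike domain registered by the attacker (one letter off from the real bank) will pass all three and has to be handled by user awareness and by the attachment and link filtering described above; and a message with no authentication at all is common from small senders, which is why the example tags it rather than dropping it.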
For recent CISA Alerts on specific ransomware threats, see:
- TA17-181A: Petya Ransomware (NotPetya)
- TA17-132A: Indicators Associated With WannaCry Ransomware
- TA16-091A: Ransomware and Recent Variants
Ransomware does not target only home users; businesses can also become infected, with consequences including
- temporary or permanent loss of sensitive or proprietary information,
- disruption to regular operations,
- financial losses incurred to restore systems and files, and
- potential harm to an organization’s reputation.
Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.
Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist.
US-CERT recommends that users and administrators take the following preventive measures to protect their computer networks from ransomware infection:
- Employ a data backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to expedite the recovery process. Note that network-connected backups can also be affected by ransomware; critical backups should be isolated from the network for optimum protection.
- Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.
- Keep your operating system and software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
- Maintain up-to-date anti-virus software, and scan all software downloaded from the internet prior to executing.
- Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
- Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, the embedded code runs and installs the malware on the machine. For enterprises or organizations, it may be best to block email messages with attachments from suspicious sources. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams.
- Follow safe practices when browsing the Web. See Good Security Habits and Safeguarding Your Data for additional details.
- Do not follow unsolicited Web links in emails. Refer to the US-CERT Security Tip on Avoiding Social Engineering and Phishing Attacks or the Security Publication on Ransomware for more information.
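The advice above to keep executable attachments away from users and to be wary of macro-enabled attachments can be enforced at the mail gateway rather than left to each recipient. The following Python script is an added example, not US-CERT's or CISA's code: it walks a message's attachments and flags Windows executables (by file extension, by the MZ header even when the name says .pdf, and inside zip archives), Office documents that carry a VBA project, and password-protected archives it cannot inspect. The extension list, the constructed test message and the minimal OOXML and OLE samples are assumptions made for the example; a production gateway would use a full parser such as oletools for Office files.

```python
"""Screen mail attachments for executables and macro-enabled Office documents.

Added example, not CISA or US-CERT code. The extension list is an assumed policy,
and build_sample() constructs a test message with fake, harmless attachments.
"""
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# File types Windows runs directly when opened (assumed block list for this example).
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".ps1", ".dll", ".lnk"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"        # legacy .doc/.xls container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")        # OLE directory names are UTF-16LE


def reasons_for(name: str, data: bytes, depth: int = 0) -> list:
    """Reasons to block this file (empty list means allow). Recurses into zip archives."""
    found = []
    if os.path.splitext(name)[1].lower() in EXEC_EXTENSIONS:
        found.append(f"{name}: executable file extension")
    if data[:2] == b"MZ":                               # PE header, whatever the name claims
        found.append(f"{name}: Windows executable by magic bytes")
    if data[:4] == b"PK\x03\x04":                       # zip: either OOXML or a plain archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    found.append(f"{name}: Office document containing VBA macros")
                elif depth < 2:                         # plain archive: look at the members
                    for zi in z.infolist():
                        if zi.flag_bits & 0x1:          # password-protected: cannot inspect
                            found.append(f"{name}: encrypted archive member {zi.filename}")
                            continue
                        found.extend(reasons_for(f"{name}/{zi.filename}", z.read(zi), depth + 1))
        except zipfile.BadZipFile:
            found.append(f"{name}: corrupt or truncated zip")
    if data[:8] == OLE_MAGIC and VBA_STREAM in data:
        # Crude check; use a real OLE parser (e.g. oletools/olevba) in production.
        found.append(f"{name}: legacy Office document containing VBA macros")
    return found


def screen_message(raw: bytes) -> list:
    """Collect block reasons for every attachment of a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reasons.extend(reasons_for(part.get_filename() or "unnamed", payload))
    return reasons


def _zip_bytes(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for member_name, content in members.items():
            z.writestr(member_name, content)
    return buf.getvalue()


def build_sample() -> bytes:
    """Constructed message (not real mail): one harmless and three hostile attachments."""
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60              # just the DOS header, not a program
    msg = EmailMessage()
    msg["From"] = "billing@example.org"
    msg["To"] = "owner@smallbiz.example"
    msg["Subject"] = "Invoice 4471"
    msg.set_content("Please see the attached documents.")
    msg.add_attachment("Meeting notes", filename="notes.txt")
    msg.add_attachment(fake_pe, maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(_zip_bytes({"report.exe": fake_pe}),
                       maintype="application", subtype="zip", filename="archive.zip")
    msg.add_attachment(_zip_bytes({"[Content_Types].xml": "<Types/>", "word/vbaProject.bin": b"\x01"}),
                       maintype="application", subtype="octet-stream", filename="quote.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    for reason in screen_message(build_sample()):
        print(reason)
```

The magic-byte and archive checks matter more than the extension list: attackers rename executables, nest them in archives, and increasingly send password-protected archives with the password in the message body precisely because a gateway cannot look inside, so the example treats an encrypted archive as a reason to block rather than as unknown.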
Individuals or organizations are discouraged from paying the ransom, as this does not guarantee files will be released. Report instances of fraud to the FBI at the Internet Crime Complaint Center.