How to protect your business from ransomware attacks

How to protect your business from ransomware attacks

Businesses have been shaken from any complacency about cyber-security this week in the wake of global cyber-attacks. The “WannaCry” ransomware—a malicious piece of software that effectively holds your PC for "ransom"—has claimed more than 200,000 victims so far in at least 150 countries. Businesses are being warned by the Federal Government to take immediate action to protect themselves from further ransomware attacks by cyber-criminals.


Ransomware comes in different forms, but they all stop you from using your PC by either preventing access to Windows, encrypting files, or disabling the use of apps. In a majority of cases, you’ll be requested to pay a fee to regain use of your computer.

The WannaCry attack takes particular advantage of a vulnerability in Microsoft Windows.  In March this year, Microsoft released a security patch designed to tackle these vulnerabilities, but because many businesses don't automatically update their systems, they are easy targets for the cyber-attack. 

These ransom payments are being demanded in Bitcoin—an internet currency that is virtually untraceable, making the hackers very difficult to track down.

Small businesses especially vulnerable to cyber-attacks

Given that these hackers were able to infiltrate the UK’s National Health Service, they are more than capable of hacking the computers of small businesses. 

According to Professor Yang Xiang, Director of Deakin University's Centre for Cyber Security Research: “The person or persons who did this are clearly highly organised professionals who have created very sophisticated software.” 

Although this attack has been the largest ever seen, it is not isolated. The Stay Smart Online program, an initiative of the Australian Government, has documented more than 74,000 cases of cyber-crime reported to ACORN since November 2014, costing the Australian economy more than $1 billion annually. They also report that 30 per cent of small businesses had experienced a cyber-crime in the year before mid-2015.

Small business owners are typically busy and wear multiple hats. Keeping computer systems up-to-date can be low on the list of daily priorities. Recognising this, the Stay Smart Online program has developed a guide for small business, with five easy steps to protect your online information...

What to do if your business has been targeted

Professor Xiang advises that anyone affected by the ransomware should seek advice from security professionals. “Unlocking files can be a difficult process which is certainly best left to professionals,” he said. He also advises against paying the ransom: “It’s not ethical and it just helps criminals to grow their industry while also encouraging copycat attacks.”

Not only is paying the ransom helping the cyber criminals, but it might not even guarantee that your computer will be restored, and could make you more vulnerable to further attacks. The best thing to do if you're the victim of a ransomware cyber attack is get professional help.

Managing risk

Regardless of how well you protect your online information, no business is impenetrable to hackers. Cyber-risk is one of the leading threats for businesses in Australia, with the average incident costing $276,232.

Cyber insurance can cover your business for the direct costs of attacks such as lost profits and system damage. It can also cover hidden costs like privacy breach, brand protection and breach of statutory duties.

CGU's Cyber Defence insurance product has a 24/7 incident response team ready to manage all relevant incidents, from notification right through to resolution. This team is equipped with expert partners—including IT forensic investigators, lawyers and public relations consultants—to ensure all aspects of your business are cared for in the event of a cyber-attack.  If your business were the victim of a ransomware attack, you'd have a 24/7 incident response team on call to help you mitigate any damage. 

With these incidents on the increase, an investment in cyber-safety and cyber insurance can be a wise choice for all small business owners, no matter their location, situation or industry.