The 5 key questions about Ransomware for small business owners

5 key questions about ransomware for small business owners to answer

The impact of a ransomware attack on an organisation can be devastating. So what should small business owners be doing to ensure that their organisation is prepared for such a ransomware attack, and in the best possible place to respond quickly?

This article explains the basics of ransomware, and suggests relevant questions that small business owners and directors might want to ask their IT experts to help drive greater cyber resilience against these types of attack.

Why should small business owners concern themselves with ransomware?

Cyber security is a board level responsibility, and your senior management team should be specifically asking about ransomware as these attacks are becoming both more frequent and more sophisticated.

Ransomware attacks can be massively disruptive to organisations, with victims requiring a significant amount of recovery time to re-enable critical services. These events can also be high profile in nature, with wide public and media interest.

[Image] Caption: Ransomware attacks in UK have doubled in a year, says Head of GCHQ, Jeremy Fleming. Attribution: GCHQ, CC0, via Wikimedia Commons

What do small business owners need to know about ransomware?

Small business owners don’t need to be able to distinguish between one type of attack and another, but knowing the basics of how ransomware works will mean they can have constructive conversations with both internal and external IT on the subject.

So what do you need to know about ransomware?

Ransomware is a type of malware that prevents you from accessing your computer (or the data stored on it). Typically, the data is encrypted (so that you can’t use it), but it may also be stolen, or released online.

Most ransomware the NCSC (National Cyber Security Centre) sees now is ‘enterprise-wide’. This means it’s not just one user or one machine that is affected but often the whole network. Once they’ve accessed your systems, attackers typically take some time moving around, working out where critical data is saved and how backups are made and stored. Armed with this knowledge the attacker can encrypt the entire network at the most critical moment.

The attacker will then usually make contact with the victim using an untraceable email address (or an anonymous web page), and demand payment to unlock your computer and/or access your data. Payment is invariably demanded in a cryptocurrency such as Bitcoin and may involve negotiation with the humans behind the ransomware (who have spent time in your organisation’s networks assessing how much you might be willing or able to pay).

However, even if you do pay the ransom, there is no guarantee that you will get access to your computer, or your files.

The NCSC have also seen cyber criminals threaten to release sensitive data stolen from the network during the attack if the ransom is not paid.

The UK government strongly advises against paying ransoms to criminals, including when targeted by ransomware. There are practical reasons for this (see question 4) and also concern that paying ransoms likely encourages cyber criminals to continue such attacks.

So, here are the five key questions about ransomware for small business owners to ask:

Q1. As an organisation and as a member of senior management, how would we know when an incident occurred?

There is often a significant period of time (known as ‘dwell time’) between an attacker gaining access to your systems and the ransomware itself being launched. Identifying unauthorised access to systems early can help stop an attack, so you need to consider:

  • Has your senior management team explicitly conveyed the threshold for when it wants to be informed of an incident?
  • What monitoring is in place around those critical assets (like personal data) that would have an impact if compromised, lost or changed? Bear in mind that an attacker may have gained access through non-critical systems, so regular monitoring across assets is important.
  • Who examines the logs and are they sufficiently trained to identify anomalous activity?
  • What mechanisms are there in place for staff to report any suspicious activity?
  • Are the thresholds for alerts set to the right level (that is, are they low enough to give suitable warning of potential incidents, but also high enough so that the team dealing with them is not overloaded with irrelevant information)?
  • How confident are you that you know all the IT assets that your organisation has, and what the state of those assets are? Many attacks can come in via equipment that organisations are unaware of.
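The alert-threshold question above is easiest to understand with a concrete case. The following is an added example, not code from the original article or from the NCSC: it counts failed logins per source address within a sliding window and raises an alert only when a threshold is reached. The log lines and their format are constructed for the example and do not correspond to any particular product.

```python
"""Alert-threshold tuning for failed-login monitoring.

Added example (not from the original article). Counts failed logins per
source address inside a sliding time window and alerts once per burst when
the count reaches a threshold. Log lines and format are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<timestamp> <result> user=<name> src=<ip>".
# alice and bob each mistype a password once; 203.0.113.9 tries six
# accounts in ten seconds.
SAMPLE_LOG = """\
2024-03-01T08:00:01 FAIL user=alice src=10.0.0.5
2024-03-01T08:00:40 OK   user=alice src=10.0.0.5
2024-03-01T08:05:00 FAIL user=admin src=203.0.113.9
2024-03-01T08:05:02 FAIL user=admin src=203.0.113.9
2024-03-01T08:05:04 FAIL user=backup src=203.0.113.9
2024-03-01T08:05:06 FAIL user=finance src=203.0.113.9
2024-03-01T08:05:08 FAIL user=it src=203.0.113.9
2024-03-01T08:05:10 FAIL user=admin src=203.0.113.9
2024-03-01T09:30:00 FAIL user=bob src=10.0.0.7
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, result, user, src)."""
    ts, result, user_kv, src_kv = line.split()
    return (datetime.fromisoformat(ts), result,
            user_kv.split("=", 1)[1], src_kv.split("=", 1)[1])


def failed_login_alerts(log_text, threshold, window=timedelta(minutes=5)):
    """Return [(src, timestamp, count)] for each source whose failed logins
    within `window` reach `threshold`. One alert per source per burst, so a
    sustained attack does not flood the team with repeats."""
    recent = defaultdict(deque)   # src -> timestamps of recent failures
    alerted = set()               # sources already alerted for the current burst
    alerts = []
    for line in log_text.splitlines():
        ts, result, _user, src = parse_line(line)
        if result != "FAIL":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures outside the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerts.append((src, ts, len(q)))
            alerted.add(src)
        elif len(q) < threshold:
            alerted.discard(src)          # burst ended; allow a future alert
    return alerts


if __name__ == "__main__":
    # A threshold of 1 alerts on every mistyped password (three alerts, two
    # of them noise); a threshold of 5 alerts only on the burst.
    for t in (1, 5):
        print(f"threshold={t}:", failed_login_alerts(SAMPLE_LOG, threshold=t))
```

Run with different thresholds to see the trade-off the question describes: too low and every mistyped password pages someone, too high and a slow, patient attacker never trips the alert at all.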

Q2. As an organisation, what measures do we take to minimise the damage an attacker could do inside our network?

Ransomware attacks cause damage and can spread rapidly within your systems. You therefore might like to ask:

  • How does the organisation authenticate and grant access to users or systems? Are these measures hard to bypass, and is access only afforded if necessary?
  • How would the organisation identify an attacker’s presence on the network (e.g. is monitoring in place)?
  • How is the network separated so that if an attacker gets access to one device, they will not have access to the full range of the technical estate?

Q3. As an organisation, do we have an incident management plan for cyber incidents, and how do we ensure it is effective?

Organisations should think in terms of ‘when’ rather than ‘if’ they experience a significant cyber incident. So it’s essential to plan your response carefully and to practise (or ‘exercise’) your response.

A basic incident management plan should include:

  • Identifying the key contacts (e.g. incident response team or provider, senior management, legal, PR, and HR contacts, insurance providers).
  • Clear escalation routes (for example to senior management) and defined processes for critical decisions.
  • Clear allocation of responsibility (specifically whether this is for normal working hours or 24/7).
  • At least one conference number which is available for urgent incident calls.
  • Guidance on regulatory requirements (such as when incidents need to be reported and when to engage legal support).
  • Contingency measures for critical functions.
  • A basic flowchart or process describing the full incident lifecycle that can be accessed even if you do not have access to your computer systems. Likewise, you should ensure that the most relevant information (e.g. incident management playbooks and resources such as checklists and contact details) is available ‘offline’.

To assess the effectiveness of your plans you should also ask:

  • How do we practise for cyber incidents, how often, and how do we learn from these exercises? (For example, the NCSC’s Exercise in a Box is a free tool that offers discussion-based and simulation exercises, including ransomware scenarios).
  • What level of expertise could we call on? It’s best to evaluate and start working with a suitable cybersecurity expert before any cyber security incident has taken place, as part of your business continuity planning. Don’t wait until you’ve been attacked; it will be a lot harder and potentially more expensive.

Q4. Does our incident management plan meet the particular challenges of ransomware attacks?

There are particular features of ransomware attacks that more general incident management plans may not fully address. It is therefore important to discuss:

  • How might we respond to a ransom demand when attackers are threatening to publish sensitive data? Who would make this decision? (As noted above, the UK government strongly advises against paying ransoms. Furthermore, there is no guarantee that paying will lead to a successful outcome, as it will not protect networks from future attacks or prevent the possibility of future data leaks).
  • Are we prepared for a recovery that could take several weeks (with damage to corporate reputation and brand likely to last longer)?

Q5. How is data backed up, and are we confident that backups would remain unaffected by a ransomware infection?

Ransomware frequently targets an organisation’s data backups, as this increases the likelihood of an organisation paying. So it is essential that your senior management seek assurance on how backups are being made, and how secure these are.

You might like to ask:

  • What data is deemed as ‘critical’ and how frequently is this backed up?
  • Is critical data saved in multiple backup locations?
  • How frequently is non-critical data backed up?
  • Is the data in cloud backups restorable and recoverable?
  • At any given time, are one or more backups offline?

And perhaps the most important question of all:

How confident are you that you would be able to recover from these backups? How frequently is this checked?
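The only real answer to that last question is a regular restore drill. The following is an added example, not code from the original article or the NCSC: it assumes a simple file-copy backup with a SHA-256 manifest written at backup time, restores the backup into a scratch directory, and checks every file against the manifest and the backup’s age. The sample files and directory layout are constructed for the example; the `demo()` function shows a clean backup passing and a damaged copy failing.

```python
"""Backup restore drill: prove a backup can be restored and is intact.

Added example (not from the original article). Assumes a file-copy backup
with a SHA-256 manifest written at backup time; sample data is constructed.
"""
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, backup_root: Path) -> Path:
    """Copy `source` into a timestamped backup directory and write a manifest
    (relative path -> sha256). In practice the manifest belongs in a separate,
    write-protected location; here it sits beside the copy for simplicity."""
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S%fZ")
    dest = backup_root / stamp
    shutil.copytree(source, dest / "data")
    files = {str(p.relative_to(source)): sha256_file(p)
             for p in sorted(source.rglob("*")) if p.is_file()}
    (dest / "manifest.json").write_text(json.dumps({
        "created": datetime.now(timezone.utc).isoformat(),
        "files": files}))
    return dest


def restore_drill(backup_dir: Path, max_age=timedelta(days=1)):
    """Restore the backup into a scratch directory and verify it.
    Returns (ok, problems): problems is empty when the drill passes."""
    problems = []
    meta = json.loads((backup_dir / "manifest.json").read_text())
    age = datetime.now(timezone.utc) - datetime.fromisoformat(meta["created"])
    if age > max_age:
        problems.append(f"backup is {age} old, older than {max_age}")
    with tempfile.TemporaryDirectory() as scratch:
        restored = Path(scratch) / "restored"
        shutil.copytree(backup_dir / "data", restored)   # the restore step
        for rel, expected in meta["files"].items():
            p = restored / rel
            if not p.exists():
                problems.append(f"missing after restore: {rel}")
            elif sha256_file(p) != expected:
                problems.append(f"hash mismatch after restore: {rel}")
        # Files in the backup that the manifest never recorded are also suspicious.
        for p in restored.rglob("*"):
            if p.is_file() and str(p.relative_to(restored)) not in meta["files"]:
                problems.append(f"unexpected file in backup: {p.relative_to(restored)}")
    return (not problems, problems)


def demo():
    """Drill on constructed data: a fresh backup passes; the same backup with
    one file overwritten afterwards fails. Returns (clean_ok, bad_ok, bad_problems)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "src"
        (src / "accounts").mkdir(parents=True)
        (src / "accounts" / "ledger.csv").write_text("date,amount\n2024-03-01,100\n")
        (src / "notes.txt").write_text("quarterly plan\n")
        backup = make_backup(src, Path(tmp) / "backups")
        clean_ok, _ = restore_drill(backup)
        # Damage the stored copy after the manifest was written (constructed
        # failure case: the backup is no longer what was backed up).
        (backup / "data" / "accounts" / "ledger.csv").write_bytes(b"\x00" * 16)
        bad_ok, bad_problems = restore_drill(backup)
        return clean_ok, bad_ok, bad_problems


if __name__ == "__main__":
    clean, bad, problems = demo()
    print("clean backup passes:", clean)
    print("damaged backup passes:", bad, problems)
```

The design point is that the check restores the data and hashes the result, rather than trusting that the backup job reported success; a backup that exists but cannot be restored, or that was altered after it was taken, fails the drill. Scheduling `restore_drill` on each backup set (and on the offline copy) turns “how frequently is this checked?” into a recorded answer.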

What are your next steps?

No business is immune to ransomware and it’s important for all organisations, regardless of their size or industry, to take the necessary precautions to protect themselves from an attack.

By asking the relevant questions and working closely with your IT experts, you can put yourself in a much better position to respond quickly and effectively if your organisation ever falls victim to ransomware.

If you need any specific advice on how best to protect your business, please don’t hesitate to get in touch – we would be happy to help.

Thanks to the NCSC for parts of the information in this article on questions about ransomware for small business owners; it is a great source of cybersecurity advice from the Government at ncsc.gov.uk. Crown Copyright, content reproduced under licence.
