Blog

  • Protect Your Business From a Ransomware Attack

Photo of a business owner viewing content on a tablet device

While a ransomware attack can cause financial and reputational harm to any company, small to mid-size businesses are particularly vulnerable to this type of cybercrime.

Ransomware attacks on businesses across the United States are occurring with increasing frequency. In fact, this type of cybercrime is now committed by hackers every 14 seconds. That’s less time than it takes most people to check a notification on their smartphone or respond to an email. The Morse team is here to help you understand this rising cyber risk and how it could impact your small to midsize business. In addition, we want to share the steps you can implement to safeguard your business against this threat, including, of course, having the right cyber liability insurance solution in place to financially protect you if a ransomware attack occurs.

What is ransomware and how does it attack?

Ransomware is a form of malware used by cybercriminals to target files on your device and make them unusable. When you’re the victim of a ransomware attack, the criminals deploy the malware onto one or more of your devices and demand a ransom, typically a sum of money, to make your files and information usable again.

If you choose to pay the ransom amount, there is still no guarantee that you will get all or even some of your data back. After you pay a cybercriminal, they typically give you a decryption key, which should allow you to restore your company’s files to their original format. However, this type of malware can have ever-changing variants that can make the recovery process nearly impossible, even when you have the key. In addition, paying the ransom not only emboldens the cybercriminals to continue targeting other businesses like yours but also offers no guarantee your business will not be the victim of a future ransomware attack.

The following are some of the most common types of information that ransomware attackers go after.

  • Financial records
  • Credit card data
  • Medical records
  • Photos, videos, or digital collateral
  • Contact or personal Information
  • Email lists

If your business were to lose access to essential data or files like these, it could cost you much more than just the ransom you pay. Many cybercriminals leak the information they’ve stolen, which can require substantial time—and more of your hard-earned funds—to restore. Finally, in these situations, your company’s reputation is likely to take a huge hit. For many small and midsize businesses, these ransomware attacks cause such significant financial and reputational harm that it’s not possible for them to recover, and they’re forced to close their doors for good.

Why are ransomware attacks a growing problem for small and midsize businesses?

You’ve probably read the headlines about ransomware attacks on large organizations, like the Colonial Pipeline, America’s largest fuel line, or, more locally, the Massachusetts Steamship Authority. As the owner of a small or midsize business, it can be tempting to believe that no hacker is going to be interested in attacking your local company. However, this is a common misconception.

Small and midsize businesses are often the prime targets for cybercriminals, due to one major factor: less security. Larger corporations have the money and resources to dedicate toward cybersecurity and screening for potential threats, while your home-based accounting firm or local café are not likely to have the funds to protect the sensitive information gathered on a daily basis. In fact, according to Forbes, over 50% of small businesses have no resources for cybersecurity.

Still not convinced your business is at risk for a ransomware attack? The following are just a few examples of how a business like yours could be vulnerable.

  • You run a hair salon that uses a computer or tablet to track appointments, client information, and employee records such as tax forms, work authorizations, and more.
  • You own a restaurant that uses a point-of-sale system to accept payments, track inventory, manage employees, receive online orders and reservations, and more.
  • You manage a nonprofit that accepts online donations, newsletter sign-ups, event registrations, and more through your website.
  • You are an artisan contractor who uses email to communicate with suppliers and customers or keeps business contracts on a mobile device or computer.
  • You have a home-based business and use a digital device that is connected to the same network the rest of your household members access for personal computing needs.

The threat against your business has never been more prevalent. According to Tech Times, 71% of ransomware attacks are now being leveraged against small businesses, and ransom demands are averaging above $100,000. Any business that uses a device that connects to the internet as part of its daily operation—which is almost 100% of small and midsize businesses—can be the victim of a ransomware attack. While this can be frightening information, it’s important to remember that every business has the opportunity to go on the attack and proactively protect itself.

Three ways to better protect your business against ransomware attacks.

Morse, of course, is here to provide you with three cybersecurity best practices that can help make your company less vulnerable to a ransomware attack, and they shouldn’t require an IT department or a hefty cybersecurity budget. You can likely implement these ideas quickly, easily, and in a much more cost-effective manner than you might think.

  1. Keep all computer software and digital devices up to date. According to the Cybersecurity and Infrastructure Security Agency (CISA), a majority of ransomware attacks are made on businesses that use out-of-date software. To combat this, head into the settings of any company devices and be sure to check for any updates waiting to be made. If it’s possible, Morse recommends selecting automatic updates to ensure you and your employees don’t overlook this important monthly task.
  2. Do offline backups of the online data your company stores. Ransomware variants often attempt to find and delete any information backups as well as the original material, so that businesses have no option but to pay up. Experts recommend following a 3-2-1 rule: make three copies of data, store across two different forms of media, and keep one copy offsite and out of your business network, perhaps on a flash drive or disc.
  3. Train your employees on cybersecurity best practices. From avoiding opening emails from unknown senders to vetting attachments and not clicking any suspicious links, there are many ways your employees can limit the possibility of a ransomware attack. Consider also applying the principle of “least privilege,” allowing your employees to access only what is necessary for them to do their job.

These are just a few of the best practices for protecting your small or midsize business from a ransomware attack. For additional ways to safeguard your company, its devices, and its data from ransomware, as well as other cyber threats, Morse recommends visiting the Cybersecurity and Infrastructure Security Agency.

Morse, of course, is here to help your business recover from a ransomware or other cyberattack.

While taking preventative measures should help minimize the ransomware threats you face, even the most prepared businesses cannot always avoid falling victim to a cybercrime. If your business is targeted by a ransomware attack, Morse Insurance wants to make sure you have the proper cyber liability insurance solution in place to assist you with the response and recovery process.

If your business is the victim of a ransomware attack, a comprehensive cyber liability insurance policy can provide you with the following professional and financial support.

  • Hiring of experts to negotiate with the hackers.
  • Payment to the extortionist, if that is deemed the best course of action.
  • Recovery costs for retrieving your company’s stolen or compromised data.
  • Reimbursement for business income lost due to the attack.
  • Coverage of any legal fees if you have to go to court or hire counsel.
  • Assistance with the cost of notifying your customers of a breach.
  • A public relations campaign to mitigate reputational harm.
  • Credit monitoring and identity restoration.
  • And more…

Finally, one of the most important benefits of having a cyber liability insurance policy is that you can get help paying for forensic experts, who should be able to determine how the hackers gained access to your systems in the first place and can make recommendations on how to prevent future attacks.

In the digital age we live in, ransomware and other types of malicious cyberattacks aren’t likely to stop anytime soon. So, it’s critically important that business owners like you do everything you can to outwit hackers, including having your local insurance professional assist you in securing the right cyber liability program. Morse, of course, is just the team for the job. 


At Morse, our clients are always top-of-mind, and we are constantly working to find the best insurance and risk management solutions to safeguard you, your assets, and the future of your business. If you’d like to know more about the coverage we offer for ransomware attacks and other cyberthreats, please give us a call today at 508-238-0056. Our local team will be more than happy to provide a complimentary review of your current cyber liability protection or provide a free insurance quote on a new policy.