Small business owners are getting a reminder about the need for cybersecurity from the worldwide "ransomware" attack on computers.
The attack, which has hit companies, schools, government agencies and hospitals, has put company owners on notice that their businesses could be vulnerable to the invasive software that often arrives by email, locks up the files on a PC or server and renders them useless.
Computer users must make a hard choice when they've been attacked by ransomware. If files haven't been backed up in a secure place, users must pay the ransom or lose their data. Law enforcement officers and cybersecurity experts argue against paying up because that encourages thieves to keep attacking. And there's no guarantee the extortionists will release the files even after the ransom is paid.
It may be impossible to make any PC or computer system completely safe. But there are steps owners can take to reduce their vulnerability, and to mitigate the damage if there is an attack:
BACK UP YOUR FILES SECURELY
Companies should be sure they have secure copies of their files stored separately from their computer systems. Probably the easiest way is with an online service that saves your files continuously and that, in the case of a ransomware attack, can restore all of them. But beware — it's not enough to store your files with a cloud service, because it's also possible to back up files that have already been encrypted. To be safe against ransomware, it's important to choose a backup service that saves several versions of each file.
You can also back up your files on an external hard drive or storage disk. But if you have staffers and/or multiple PCs, that can be haphazard and time-consuming. And you have to be sure that your backup is disconnected from a PC once you've stored files, because it too can be attacked.
Any computer or server that has been attacked will have to have its storage erased, and software programs and files reloaded.
STAY UP TO DATE
Owners should make sure that the security on all the software in their systems is up to date. That means downloading operating system and application updates when they become available. Companies should also invest in antivirus software and programs that detect and disable invasive software known as malware — and make sure these programs are up to date too. Owners should consider email security services that look for suspicious emails and stop them from entering inboxes.
Owners need to educate themselves and staffers about how ransomware and other harmful software are spread, and what the consequences are. Everyone in the company should assume that any email with a link or an attachment could pose a threat. They need to know that unless they were expecting an email that has something to be clicked on, they should double-check that a relative, friend or business associate has in fact sent something legitimate. It's a good idea to send a separate email — don't just click on "reply" — and ask, did you send me an email with an attachment or link?
Everyone who uses a computer also needs to be aware that cyberthieves are increasingly using sophisticated emails that can look legitimate: They might have realistic-looking corporate logos and don't have the poor grammar and misspellings found in many scam emails. Clues to look for include the sender's address being unfamiliar or varying from a known email address by one or two characters. Another giveaway is if an email, purportedly from your bank or credit card company, asks you to click a link to contact it and get an important message. You're better off visiting the bank's website through a browser and logging into your account to see if you have any messages.
Follow Joyce Rosenberg at www.twitter.com/JoyceMRosenberg . Her work can be found here: http://bigstory.ap.org/content/joyce-m-rosenberg