Lessons Small Businesses Can Learn from the Global WannaCrypt Ransomware Hack

Preventing WannaCrypt: Small Business Lessons

What can small businesses — especially those operating on the web — learn from the latest ransomware attacks?

Recently, hackers dispatched ransomware called WannaCrypt. When it was opened on computers, it locked users out of necessary data. The only way to unlock the data was to pay a ransom via Bitcoin.

More than 200,000 computers in 150 countries were affected by WannaCrypt. Friday is being dubbed the day the earth was hacked; the impact was so widespread. The biggest impacts were in England, where computers in the public Health Ministry were hacked. Patients were denied access to emergency room services. And some surgeries had to be rescheduled.

Businesses and personal computers in all these countries were affected. In the U.S., FedEx appears to be the most high-profile victim.

The ransomware continued to spread over the weekend as some computers in Asia were affected.

It’s unknown what the fallout may be in the U.S.

What is WannaCrypt?

WannaCrypt is classic ransomware dispatched on a global scale.

Ransomware infects vulnerable computers and hijacks data and programs on the machines. When users attempt to access this information, they’re greeted with an on-screen ransom note instead.

This is what the WannaCrypt ransom note looks like …


WannaCrypt did not attack computers running Windows 10. Instead, it appears to be targeting Windows computers running the dated XP operating system. A lot of businesses using legacy apps that were first implemented during the XP era may have numerous computers running that version of the system.

How Did This Happen?

Microsoft has stopped issuing security updates for XP and many older systems. The hacker — still unknown — exploited this vulnerability.

Newer computers that aren’t set to install security updates automatically are still vulnerable, too. Microsoft says it sent out a security patch on March 14 that addressed the WannaCrypt ransomware.

Preventing WannaCrypt: Small Business Lessons

A really bad way to end or start your week running your small business is to fall victim to a ransomware attack.

As noted, this WannaCrypt attack could have been avoided by following some simple cyber security best practices. All small businesses could greatly mitigate their risk of being attacked by doing the following:

Finally Scrap Windows XP

Sure, we all loved it. But the turn of the century called and it wants its operating system back. The longer your small business keeps using XP while it goes without security attention from Microsoft, the greater the risk to your company.

While WannaCrypt was a ransomware attack that really just wanted a Bitcoin payment as some sort of shakedown, the next attack could go for data and not even ask for money. For some small businesses, the cost of one customer’s data being hacked on their watch could be devastating.

Don’t Ignore Updates

Microsoft has never been shy about letting you know when updates are available for your computer. Ensure they’re really from Microsoft and install updates as often as they get delivered to your computer.

Updates often address known security vulnerabilities and other issues that impact the performance of your computer. The more that threats like WannaCrypt evolve, the more Microsoft will be updating its systems.

“As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past. This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it’s something every top executive should support,” Brad Smith, Microsoft’s President and Chief Legal Officer, says on the company’s On the Issues blog.

Be mindful of updates to apps that your small business relies on daily, too.

Educate Yourself

Cyber attacks are threatening small businesses more than ever. And as more small businesses operate online, it’s likely that they’ll be the most vulnerable.

This is a rather new threat and many business owners are likely to be too busy with other aspects of their company to give cyber security much attention.

Don’t be that person. Stay on top of what’s happening and the many cyber threats your business faces.

Not only can an attack cripple your business, it can put your valuable customer data in the hands of wrongdoers.

Educate Your Team

If you’re up on the latest cyber threats to your business, that information is only as good as how far it reaches.

Your employees pose a greater cyber risk than you. If they’re not aware of a threat or the need to update computers they’re using, they could unknowingly launch an attack on your business.

If you were sitting on information that could have prevented an attack and didn’t inform your employees, you have only yourself to blame for the results.

Develop an Action Plan

Be ready for the next attack on your business and get it in writing.

Share this plan with everyone associated with your small business. The plan should address ways to reduce the risk of cyber attacks and what to do if the company falls victim to one.

Small businesses with more to lose online than others should consider having an outside expert at the ready in case an attack is launched on the company. This expert should be able to provide a calmer approach to addressing the situation as it unfolds.

It’s expected that WannaCrypt is just one attempt at a global hack. More attacks — even ones larger and harder to defend against — are expected in the near future. And your company could be among the next targets.

Image: Wikipedia

Joshua Sophy is the Assistant Editor for Small Business Trends and the Head of Content Partnerships. A journalist with 20 years of experience in traditional and online media, Joshua got his start in the rough and tumble newspaper business of Pennsylvania's coal region. He is a member of the Society of Professional Journalists and was a beat reporter covering daily news. He eventually founded his own local newspaper, the Pottsville Free Press, covering his hometown. Joshua supervises the day-to-day operations of Small Business Trends' busy editorial department including the editorial calendar and outgoing assignments.

One Reaction
  1. Fernando Gómez.

    I would add one thing: go Cloud. Many businesses think they can pour resources once to buy infrastructure to keep them safe: an antivirus, a firewall, a DMZ… then they realise that the infrastructure needs maintenance and they have to hire staff to keep it updated. Whatever resources you are willing to pour to IT, they are limited. And no matter how much you pour, they will hardly ever compare to the resources that Microsoft, Google or Amazon can devote to their own infrastructures. So go cloud. Move small ops at first: say, use Office 365’s SharePoint or OneDrive for your company docs (if your computer gets ransomwared, then format it and be done, knowing your info is safe in the cloud). Then move noncritical systems. Turn your workers’ computers into limited terminals, knowing that losing one will not put your business ops at risk.