Security

How Small Businesses Can Fund Their Ransomware Protection

Leveraging public and private resources such as threat feeds can help keep costs down as your business builds its cybersecurity program.

Nick Suda

Nick Suda is a security solution specialist for CDW, consulting on the sales, planning and development of security solutions.

When it comes to taking on ransomware, small businesses face unique challenges that can effectively sideline an entire business. Not every organization has the same level of leadership buy-in for their technical teams, and ransomware attackers have learned ways to effectively exploit these disparities. If the CEO or the C-suite struggles to see the case for security, even if the IT department clearly does, it can leave a small business a sitting duck.

Just because a company is small doesn’t mean it’s off the radar of bad actors. Quite the opposite, in fact. For example, the rise of supply chain attacks means that a business could face problems because of its vendors.

Preventing ransomware attacks needs to be taken seriously. The average cost of an attack is $440,000, according to research from the Ponemon Institute — but only 10 percent of that cost is related to preventing an attack, meaning prevention could save a company nearly $400,000.

Just as everyone should go to the doctor for an annual checkup, so too should businesses practice preventive cybersecurity. Security assessments, such as penetration tests by service providers like CDW, and endpoint tools from companies like CrowdStrike or Sophos to prevent malware and ransomware are critical.

Cost-conscious small businesses need options for preventing attacks, and in recent years, the public and private sectors have stepped up to offer a variety of free or low-cost security resources.

Click the banner below to dig deeper into cloud security guidance from CDW.

Make Use of Cybersecurity Threat Feeds

With threat detection, it’s important to keep your ear to the ground to know what’s coming, and publicly accessible threat feeds offer a way to do just that. Many of these feeds — such as the Cybersecurity and Infrastructure Security Agency’s Automated Indicator Sharing network, a program of the Department of Homeland Security — are accessible to businesses as a way to understand potential risks. The AIS network is also available through information sharing and analysis centers (ISACs), which provide targeted information on threats to specific industries, as well as a way to privately share information about emerging threats.

The National Council of ISACs offers a starting point for specific fields; for those interested in signing up for more general feeds, the Center for Internet Security is a great place to start. These feeds, however, are often quite busy, making it difficult to know whether your business might be affected by a given threat. With that in mind, a security information and event management solution from a vendor such as RSA would make a good potential investment.

Capitalize on Nonprofit Cybersecurity Toolkits

Ransomware has been a major area of focus for nonprofit organizations such as the National Cyber Security Alliance, which helps put on Cybersecurity Awareness Month and also publishes a variety of resources for businesses.

Organizations such as these offer digital resources that can help companies understand potential risks and how to avoid them. The Global Cyber Alliance, a nonprofit based in the United States and Europe, offers a toolkit targeted at small businesses that lays out basic recommendations for both employers and team members, including tips for data encryption, website security and integrating multifactor authentication using tools such as Okta.

EXPLORE: How smaller organizations can benefit from cloud security posture management.

Tap into Free Training Events and Industry Trade Groups

As a part of its cybersecurity offerings, the Small Business Administration and its resource partners offer a variety of free and low-cost events, largely virtual, geared specifically to small businesses, as does NCSA.

Associations can also serve as an asset for small businesses. Some in the financial and retail sectors, for example, have helped to create security resources that offer basic frameworks to follow when approaching topics such as penetration testing, insider threats and protocols around COVID-19 — all of which can help a business strengthen its position. Others, such as the National Retail Federation, offer cyber risk exchanges to members that can help keep them abreast of the latest risks within their sector.

Build a Cybersecurity Response Strategy

Each of these offerings can point you in the right direction to improve your approach to cybersecurity, and can provide information about potential threats and effective strategies for arming your employees with the information they need to avoid unwittingly creating problems down the line.

Of course, if a security event happens, you want to be able to respond quickly, and it helps to have resources readily available. CDW’s incident response program offers no-fee retainer agreements that make incident response available immediately in the event of an attack. This lets you focus on solving the problem immediately, not how much the solution is going to cost.

The best way to save money now is to have a solution in place when something happens.

This article is part of BizTech's AgilITy blog series. Please join the discussion on Twitter by using the #SmallBizIT hashtag.