Avoid & Prevent Being Held Ransom: How to Stay Away from the Compliance Headaches

November 6th, 2020

When it comes to cybercrime, small businesses are a prime target. Not only do small businesses typically not have the resources or budgets that larger enterprises do, but they also often don’t view themselves as targets or risks—that in itself is reason enough for cybercriminals to target small businesses.

In 2018 alone, the FBI reported that more than 351,000 cyber complaints were filed, with reported losses exceeding $2.7 billion. Of those crimes, the top three reported were non-payment or non-delivery, personal data breach, and phishing schemes. That same report stated that during 2018, over $28.6 million in HIPAA fines were levied against healthcare businesses because of data breaches.

So, not only do small businesses need to worry about the financial implications of a data breach along with their reputation, but they also need to be aware of just how costly a data breach can be when it comes to compliance, too.

All in all, data breaches, phishing, ransomware, and other types of cybercrime often come with the same result—costly consequences.

Ransomware, Encryption, and Cryptos—Oh My!

Modern-day cybercrime revolves around gaining control of computer networks, stealing information, selling data, and rendering files entirely useless by encrypting them beyond the point of accessibility.

One of the biggest ways that these cybercriminals will make money through this process is by holding those encrypted files hostage and demanding a ransom in exchange for releasing a company’s own files back to them.

The scariest part? Ransomware damages can happen to any company—no matter how big or small they might be. In 2018, ransomware damages accounted for nearly $8 billion—a number that continues to climb as cybercrime continues to evolve.

Unfortunately, it’s crucial for small businesses to be aware of this possibility. Cybercrime like this is incredibly sophisticated, so sophisticated, in fact, that in most cases it’s nearly impossible to regain access to encrypted files without paying the ransom—even for the FBI or a specialist provider.

Hackers typically run ransomware scams by demanding cryptocurrency (like Bitcoin) in order to make it harder for law enforcement to track.

Further, hackers running ransomware scams will likely use automated tools to scan the internet for businesses with vulnerabilities, unpatched firewalls, and weak security.

For this reason alone, making cybersecurity an integral part of your overall security plan is a must.

Dwell Time: What Is It & How to Avoid It

One facet of a ransomware scheme that can make it so destructive is a characteristic called “dwell time.”

Dwell time is the period after criminals penetrate a network during which they watch activity before doing anything malicious. The issue with this? Often, criminals can do this while you’re entirely unaware. That means employees will continue doing what they normally do—filing confidential information, opening intellectual property, using delicate information, etc. As employees go about their jobs (as they’re supposed to), criminals will be able to monitor that activity and access your private activities, giving them a first-hand look at your valuable and sensitive information.

Dwell time—which could be anywhere from a single day to many months—is unknowable. During this time, attackers can collect information, review files, scan accounts, and further compromise your company. And often, it’s all under the radar if you’re not properly protected.

The Dangers of Phishing & Social Engineering

While setting up a cohesive cybersecurity plan can help you avoid some of these perils, even the best network security and monitoring can’t keep you safe from what’s usually a business’s weakest link—human error.

Unfortunately, cybercrimes also come in the form of something called social engineering, which plays on people’s natural inclination to trust by manipulating them into giving up confidential information. Typically, this type of cybercrime combines two factors, such as a phishing email with a phone call. A combination like this typically has a higher success rate.

Further, if employees are not up to date on this type of cybercrime—or just aren’t IT savvy—they can often unknowingly put sensitive information online without even thinking about it. From social media quizzes that are filled with fun, seemingly innocent questions that can steal our information (think about those quizzes with questions like, where did you meet your spouse?) to opening malicious phishing emails that seem authentic, human error is one of the main factors in cybercrime.

All of these human errors are just factors that a hacker can piece together to establish accounts under your identity (like credit cards), reset your online passwords, and steal your information.

The Must-Know Steps for Protecting Your Security

Though all businesses face dangerous risks and costly repercussions should they fall victim to cybercrime, it’s those organizations within industries that have regulatory compliance requirements that can be at the biggest risk. Often, it’s these types of organizations that are hackers’ No. 1 target.

Protecting your network is a must. While we highly recommend teaming up with an IT security team who can utilize their professional skills, it’s also important to follow along with some crucial steps to ensure you’re not putting yourself at risk.

  • Make sure your hardware and software are updated constantly, and always be on the lookout for new updates, too.
  • Perform penetration testing and network auditing once a year (more if possible).
  • Back up your critical files and systems often through encrypted chain-free backups with appropriate retention periods.
  • Have solid, appropriate IT policies and guidelines in place. Make sure your entire staff is up to speed on these guidelines.
  • Create an annual training system for your company and supporting staff.
  • If your organization doesn’t have the resources to handle this in-house, outsource and hire a competent, professional third party.

What Are You Waiting For?

You’re a great business/organization, but you’re a businessperson, not a cybersecurity expert. Falling victim to cybercrime has costly repercussions—it’s time to ACT NOW and do what needs to be done to protect your company, your critical data, and your reputation. TAKE ACTION!

Because we give back to the community, we are giving away 2 businesses/organizations FREE Cybersecurity Assessments each day until we have to pull this offer.

To get your Assessment visit: www.ybs.us/cybersecuritybook/

Why should you listen to me?


I’m a 2-Time Best Selling Author on the topic of Technology. My company (Your Business Solutions) is celebrating our 16th year in business this year. We’ve been recognized by INC Magazine TOP 5000 list and The Houston Business Journal in their Fast 100 list just to name a few things. To get your Assessment visit: www.ybs.us/cybersecuritybook