If You Think Your Business is Too Small for Hackers and Ransomware Attacks, Think Again!

Don’t let your small or medium sized business be the target for ransomware threats because you are less prepared to deal with cyber-threats. Some of the most common attacks SMB’s see are distributed denial-of-service (DDoS) attacks resulting in hours of downtime and revenue loss, to malware attacks, including those involving ransomware, that may ultimately cause a company to go out of business.  With affordable modern technology, make sure your business is protected.


How many businesses (especially SMBs) can afford to lose $140,000, and experience more than two weeks of downtime and disruption?


We’ve seen numerous clients struggle to recover from an attack.  In one recent example, a business was completely shut down for weeks.  Even after paying the ransomware demand, it took hours and hours of time to try and recover their data and systems. 

Example Ransomware Attack:

ransomware chain

Hackers got into a SQL server and took control, shutting down this small business.  Their IT person couldn’t get into their systems to see what was done; all the servers had been encrypted by the attackers.  Next, this business called their IT firm.  They decided to try and work on it themselves to restore everything.  But after weeks of being shut down with no success of recovering their systems, they decided to pay the ransom.  The ransom was expensive and didn’t bring their systems and data back immediately.  Instead, they were given access to a support group, a multiple tier support and had to start at the bottom with a junior level person.  The problem arises however because these lower-tier people usually don’t know enough to restore an entire business, so they escalate you up in the chain of people.

Now, they have not only paid the ransom, but also spent a lot of money and time with their IT consulting company.   But then we got called to help with their ERP system.  Even though the IT firm had recovered some of their systems, they couldn’t put the ERP system back together.  So, we stepped in and helped, working side-by-side with their IT consultants.  Thank goodness the SQL server wasn’t corrupted.  We helped rebuild their ERP system, signature files for checks were re-created, custom reports were eventually found and restored.  It was a real mess, and they are still working on cleaning up some performance problems months later!

Most ransomware attacks target critical systems, like your ERP solution, specifically the database for your ERP system.  There’s not a lot of important information outside the SQL server databases.  However, it’s common that IT people are not ERP experts.  So, how are you going to protect your most valuable data: customers, payroll, vendors, etc.?


46% of SMBs have been targeted by ransomware, 73% have paid the ransom


How to Safeguard Your Business from Ransomware Attacks:

Ransomware backup

    1. Backups: The biggest thing you can do to make sure your business isn’t vulnerable to hackers it to have good backups with offsite, backup storage.  When attackers get into your system, they know what to look for, including backup files, crippling any business.  Additionally, have a current backup and disaster recovery plan, a “playbook” of processes and activities, invoking backup and disaster recovery services and their interaction with your data and servers.

      Nowadays, you don’t have to have an IT expert.  By utilizing Microsoft Azure and other cloud services, such as Microsoft’s data recovery vault, SMBs have access to top notch security and technology.  

    1. Test your disaster recovery plan on a regular basis: By performing a few tests, you will work out any kinks and be confident if sabotage happens, you’ll be up and running in no time.   We recommend testing your backup and recovery strategy at various times and from different angles. To do this, conduct regular and random tests in which you simulate an event that would call for data disaster recovery and access to your on-premises or online backup.

    1. Education: Educating your users on how to identify, avoid, and report data threats is the most important method an organization can adopt to protect its data. By teaching them to identify and avoid threats, you deprive cybercriminals of the opportunity to compromise data.

    1. Find a partner you trust: Stay current and informed.  Have a trusted partner to help your business.

2 Important Take-Aways:

First, make sure you have solid, offsite backups which have been tested.  There are so many modern-day solutions for SMBs, there’s no reason your business should be without one.  Second, talk to your ERP partner right away.  Make sure together, you have a disaster recovery plan in place. 

There are many options to make sure your business is protected.  Let’s talk and figure out the best solution for you.