Don’t let high-profile ransomware attacks lull your SME into a false sense of security


Although no business is 100% safe from ransomware, you’d be forgiven if you thought that only large, publicly-listed organisations fall victim to these potentially devastating cyberattacks.

After all, when the NotPetya and WannaCry ransomware variants ‘took the world by storm’, just a few months ago, media coverage was dominated by successful intrusions against multinationals such as FedEx, WPP, Mondelez and Reckitt Benckiser (to name just a few).

Let’s face it – It’s harder for a public company with obligations to its shareholders and customers to keep a ransomware attack out of the press than it is for a small to medium business whose operators are dead set against their dirty laundry being aired. As such, the number of attacks perpetrated against small businesses has gone underreported.

The reality is that small businesses are just as likely, if not more likely, to fall victim to ransomware than large corporations and those that do undergo a cyberattack face an increased risk of going out of business in the near term. Reasons for this vulnerability typically include an inadequate focus on cybersecurity, a lower budget for security infrastructure and the lack of dedicated security team whose job it is to be vigilant for – and remedy – intrusions.

Many small businesses treat network security, like a ‘one and done’ operation.  They plug in a firewall and leave it to sit without monitoring network traffic. Many have outdated equipment and don’t decrypt data coming into their network. With over half of malware being encrypted, these leave a gaping hole in their network security strategy… or lack there of.

To protect themselves against ransomware, small businesses – at a bare minimum – need to have a firewall in place, along with the ability to decrypt SSL/TLS traffic, gateway security and a network sandbox. Furthermore, businesses need to back up their data in case a cyber-attack renders an endpoint, a server, or a network of endpoints useless. With many companies allowing employees to use their personal phone for work and connect to the network, they are inviting a host of potential problems. By using SonicWall’s Secure Mobile Access appliances, an organisation and manage the applications, users, and devices that want to have access to the network. 

On top of these security best practices, businesses should provide their employees with training to ensure they are alert to the means by which ransomware infiltrates a business (e.g. iffy-looking phishing emails and click bait ads such as “65 images that will make your draw drop!”) and exercise caution. With the war for the network also being waged on the endpoint, have a strong anti-virus client on each device. SonicWall’s enforced anti-virus is an excellent option that doesn’t allow access to the network unless the anti-virus’ definitions are up to date.

In a webinar hosted by Dynamic Business, this week, I talked about how you can stop the latest malware and what SonicWall did to prevent the Petya and WannaCry ransomware variants from infecting systems and networks. You can view it here:


About the author

Brook ChelmoBrook Chelmo handles all product marketing responsibilities for SonicWall security services and serves as SonicWall’s ransomware tsar. He has won numerous awards and accolades for his work and presentations on numerous security subjects that range from data privacy, critical vulnerabilities, and network security. His presentations are filled with deep thoughts and laughter. For more information, email sales@sonicwall.com. You can follow Brook on Twitter: @BRChelmo