Ransomware: Are you doing enough to protect your business?

The threat from ransomware has soared in the last year. In fact, it is now the most likely cyber-threat to UK businesses, with a quarter of all major cyber-attacks involving an attempt to make businesses pay a ransom to get their data back.

Here we explore the key risks to your business and how you can defend against ransomware.

What is ransomware?

Ransomware is a type of malware designed to block or limit access to a computer or data until you pay a sum of money to the attacker.


Why should I be worried?

Ransomware is specifically created to cause your business harm. A common technique is that your files are encrypted and you can only obtain the decryption key by making a payment - although there is no guarantee that you will get your data back if you make the payment.

Some ransomware attacks will only affect one device; others are able to affect your entire network of devices, data and storage devices. Such is the threat posed by ransomware attacks that 22 per cent of small businesses that were attacked in 2017 had to cease operations immediately (Second Annual State of Ransomware Report: UK Survey Results, July 2017).

What's the risk to my business?

If you suffer a ransomware attack, the reputational impact can be significant - especially if your website or internet presence is affected.

Moreover, when ransomware hits an entire network of connected devices, the result can be complete business paralysis. Research suggests that on average a ransomware attack causes 25 hours or more of downtime, with some businesses reporting more than 100 hours (Second Annual State of Ransomware Report: UK Survey Results, July 2017). Financial loss, of course, comes hand in hand with this.


How can I defend my business against ransomware?

There are some key steps you can take to help protect your business:

  • Keep your PCs, servers and hardware up to date, always installing the latest security measures
  • Put in place strong response, recovery and backup processes - ensure the backup is sufficiently secure to be unaffected if a ransomware infection strikes
  • Use up-to-date anti-malware on all machines, and consider systems that use file reputation/behaviour analysis to identify previously unknown malicious code
  • Educate employees on the risks of opening unsolicited emails and attachments, and visiting questionable websites
  • Avoid using removable media such as USB sticks from unverified sources, and avoid downloading free software/apps
  • Consider application whitelisting (blocking any software not already authorised)
  • Use different passwords for different business logins.

The threats from cybercriminals are continuously evolving, so it is important to keep up to speed and take all the necessary steps to protect your business.

Check out our cybercrime page to find out more about its risks and how you can tackle them.
