Don’t let your business data be held to ransom

Ransomware is currently one of the most significant security threats to small businesses in Australia. Here are some simple ways you can protect your business against ransomware.

What is ransomware?

Ransomware is a type of malicious software (malware) that encrypts (or locks) the files on a computer, making them inaccessible. Once the malware has been downloaded onto the victim’s computer, the victim receives a message on their computer screen from the criminal (the ransom note), advising them that their files have been locked, and demanding money in return for unlocking the files.

Cybercriminals usually demand victims pay the ransom in virtual currencies, such as Bitcoin, which is difficult for law enforcement to trace. Ransomware attacks are just like any other extortion attempt and police advise that businesses should not comply with the criminals’ request for money. Watch our video to learn more.

Ransomware video tutorial

Learn how to reduce the risk of ransomware impacting your business.

View Understanding ransomware video transcript (DOC, 21KB), opens in new window

The value of your data

Information is the DNA of every small business and needs to be protected from cybercriminals.

To get a real understanding of the value of your information, think about what would happen to your business if one of the following scenarios occurred:

your computer systems were unavailable for a week
you lost all the data stored on all the computers in your company
your biggest competitor was able to obtain a list of your customers along with sales figures and notes.

The impact to your business and your reputation could be damaging.

Learn from a business who has experienced ransomware and hear about the red flags.

View Know the red flags of ransomware video transcript (TXT, 2KB), opens in new window

Steps to protect your business

Ransomware threats are a reminder of why it’s so important to think about your security controls and to back-up your business data regularly.

1. Be wary of unexpected, threatening or poorly written emails

Ransomware can gain access to a businesses’ network by disguising the malicious software as a link or attachment in a phishing or spam email.

Email is a popular delivery mechanism for malicious software because email is cheap and reaches a wide audience. Some phishing emails carrying ransomware will appear to be an email invoice from a provider such as an energy company or a telecommunications company. The fake invoice directs the recipient to click on a link and download a file to view their bill. By downloading the file, the recipient installs the ransomware malware onto their computer.

You should exercise extra caution with emails that:

you're not expecting
come from an unknown sender or unusual address
contain attachments or suspicious links.

Train your employees to be vigilant by learning how to identify suspicious messages.

2. Make sure your operating system and anti-virus software are always up to date

Check the security settings on your computer's operating system and software applications to confirm that they're set to automatically update and install new patches. Each operating system is slightly different, so if you’re unsure check the Microsoft or Apple websites for information.

It’s important to have fully functioning anti-virus software running at all times to ensure you're protected to the highest level possible. While trial anti-virus software is free, it usually only updates during the trial period. Check your software to confirm that it is valid and set to automatically update, scan and flag suspicious activity.

3. Back-up your data

Backing-up your business data is critical to safeguarding your business. In the unfortunate event that you're impacted by a ransomware attack, you'll need to rely on these back-ups to restore your valuable data.

Backing-up data means making a copy on another device. For example, you might save your important files onto a second removable hard drive or USB drive. It's best practice to back-up your data on two different devices.

There are two basic kinds of back-ups - a full back-up and an incremental back-up.

Full back up: makes a complete copy of the selected data onto another device. This can be achieved via a dedicated back-up program, or by manually copying files to the back-up device.
Incremental back-up: this saves only the data that has been added or changed since the last full back-up.

Remember to disconnect the back-up device (e.g. external hard drive or USB) from the computer when you’re finished, as attackers are known to encrypt or delete back-ups connected to the computer or network.

It's also important to test your back-up frequently by restoring data to a test location. This helps to ensure the back-up device and backed-up data are in good shape. You can identify any problems in the restoration process and provide a level of confidence that your back-up will work during an actual crisis.

4. Create an incident management plan

It’s good business practice to have an incident management plan that has key contacts, processes and business continuity plans in case you do have an issue. This will reduce the time to get back online, and the stress of recovering your business data so that you aren’t trying to work out what to do when your system is down.

Learn more about how to recover fast from business disruptions.

Next steps

The Australian Cyber Security Centre (ACSC) has prepared a detailed Ransomware Prevention and Protection Guide (PDF, 1.92MB), opens in new window for businesses as well as a Ransomware Emergency Response Guide (PDF, 0.98MB), opens in new window, which includes the following steps:

Record important details as quickly as possible.
Take a photo of the ransom note or any new file extensions you may have noticed.
Turn off the infected device by holding down the power button or unplugging it from the wall. This is the best way to stop ransomware from spreading.
Disconnect other devices which may be on the same network.
Change the passwords for your online accounts.
Visit the ACSC website, opens in new window for more information.
It is important to report the incident to ACSC through ReportCyber, opens in new window or call 1300 Cyber1 (1300 292 371).
Depending on the severity of the ransomware attack, you may have to notify your customers. The Office of the Australian Information Commissioner, opens in new window can provide advice on your obligations.

Helpful resources

Australian Government | Australian Cyber Security Centre

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together. It’s the hub for collaboration and information sharing to combat cyber security threats. ACSC provides timely information on how home internet users and small businesses can protect themselves from cyber security threats. They also help users reduce their risks of software vulnerabilities, online scams, malicious activities, and risky online behaviours.

Learn more about the Australian Cyber Security Centre, opens in new window

Australian Government | ReportCyber

ReportCyber is a secure reporting and referral service for cybercrime. These online incidents may be in breach of Australian law. The ReportCyber website provides a cybercrime reporting mechanism as well as helpful information about cybercrime.

Learn more about ReportCyber, opens in new window

Australian Competition and Consumer Commission | Scamwatch

Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.

Learn more about Scamwatch, opens in new window

Australian Government | Office of the eSafety Commissioner

The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and addresses illegal online content.

Learn more about the Office of the eSafety Commissioner, opens in new window

Australian Government | Attorney-General’s Department

The Attorney-General’s Department website provides helpful information and resources about your rights and protections in regards to identity security, freedom of information and cyber security. The Department has developed a range of resources to assist people to protect their identity and recover from the effects of identity crime.

Learn more about the Attorney-General’s Department, opens in new window

Safely storing your data

Your stored business data travels in and out of your network. What key controls can you put in place to ensure it’s safe?

Building employee awareness of cyber safety

Empower your employees to help manage your online security risks

How to protect your website from being compromised

Learn how to protect your website against online attacks.

Important information

This section contains Important Information relevant to the page you are viewing, but you can't see it because you have JavaScript disabled on your browser. Please enable JavaScript and come back so you can see the complete page. It's important that you read the Important Information in this section before acting on any information on this page.

$0 account fee

Offer Up to $300 cash back

View calculators

Refinancing your home loan?

$0 international transfer fee

Discounts and benefits

Unsecured business finance

Offer Get 150,000 bonus Qantas Points

Offer NAB Easy Tap $100 Cashback Offer

Related tools and help

NAB Connect

Small Biz Explorer

The Morning Call Podcast