Just Being Proactive Isn't Enough: What Entrepreneurs Should Do During a Cyberattack

Last month's 'WannaCry'' attack struck huge enterprises. Now, smaller businesses are wondering what hope they have for similar events.

learn more about Adam Levy

By Adam Levy


Opinions expressed by Entrepreneur contributors are their own.

Last month, the WannaCry ransomware attack, according to Reuters, struck more than 150 nations, affecting upwards of 200,000 computers.

Cyence, a firm specializing in cyberrisk modeling, estimated the total economic damage to be around $4 billion. Victims ranged from individual users to massive organizations, including transportation systems in Germany, a communications firm in Spain and hospitals in Britain.

With WannaCry's ability to overtake large enterprises and major networks on full display, smaller businesses were left wondering what hope they had against similar attacks.

Related: WannaCry Ransomware: What You Need to Know

Small businesses fighting big attacks

Most business leaders think -- or should think -- about proactive and preventive measures when they think about cybersecurity. "Proactive" precautions include instituting a managed firewall and antivirus software.

Yet, while these measures are essential, they're no guarantee for avoiding an attack. When a ransomware event does occur, small business owners and entrepreneurs need to know what to do, to repair (or at least minimize) the damage.

Hopefully, such an attack will never happen to your business. But if the worst occurs, here are some steps to take:

1. Act fast with communications.

Ransomware attacks leave no time to waste -- by the time a U.K. researcher slowed WannaCry (24 hours after the attack began), Healthcare IT News reported that the attack had already affected more than 100 countries. Once a small business owner recognizes his or her business is under attack, it's critical to begin communications right away.

Leaders should communicate next steps to the rest of their company. In some cases, they'll also need to alert their customers.

Reporting an attack to the authorities matters, too; the FBI has described criminal cyberattacks as being within its purview. Informing federal law enforcement can help ensure more organizations around the country don't also fall victim, especially when the attack is as far-reaching as WannaCry was.

2. Isolate infected machines.

It can't be said enough: Attacks move quickly from one machine to the next. According to Malwarebytes, when WannaCry was installed on a computer, its code allowed it to spread to other vulnerable machines on the network. This isn't uncommon for ransomware attacks.

Companies, then, must do their best to slow the spread as best they can. Specifically, company leaders need to remove affected computers from their network as soon as they've identified the infected machines.

Related: 4 Ways Ransomware Companies Act Like Legitimate Businesses

3. Document and understand effects before attempting to fix them.

Not all cyberattacks are alike. At best, an attack might take away a specific capability, such as browsing the web; at worst, it might encrypt every last file on a machine, thwarting operations entirely and compromising customer data.

In some cases, WannaCry's effects were astonishingly severe. The British National Health Service reported that WannaCry forced it to shut down 16 of its computer networks, which meant hospitals had to deny care to all patients whose health wasn't immediately threatened. That's far different from losing internet access for a period of time, and its consequences are just as distinct.

Related: Business Cyber Attacks Top 4,000 Per Day: Your Guide to Ransomware

A proactive plan of response is the most effective prevention for a cyberattack, but even the most thorough cybersecurity measures won't completely immunize an organization; there's simply no way to ensure, beyond a shadow of a doubt, that a business won't fall victim to a ransomware attack.

When hackers do strike, taking the above measures may reduce the impact and help speed up the recovery process. That way, small business owners can return to business as usual in as little time as possible.

Adam Levy

CEO, Magnet Solutions Group

Adam Levy is the founder of Magnet Solutions Group, an IT and web development company, and LoTops, a CRM and management application for small businesses in any industry. He tweets regularly on business technology at @Adam__Levy.



Related Topics

Editor's Pick

The Dark Side of Pay Transparency — And What to Do If You Find Out You're Being Underpaid
Thinking of a Career Change? Here Are 4 Steps You Can Take to Get There.
A Founder Who Bootstrapped Her Jewelry Business With Just $1,000 Now Sees 7-Figure Revenue Because She Knew Something About Her Customers Nobody Else Did
Everything You Need to Know About Franchise Law
Business Ideas

55 Small Business Ideas To Start Right Now

To start one of these home-based businesses, you don't need a lot of funding -- just energy, passion and the drive to succeed.

Growing a Business

Scaling Made Easy: How to Scale Your Business like a Fortune 500 Company

Once you have the night-vision skills of Fortune 500 restaurants, scaling becomes effortless. Here are 3 ways to scale, hidden in plain sight.


Streaming TV Is the Future of Advertising — Without Breaking the Bank

Today's consumers expect personal, impactful ads. There's an advertising method that can get you there for half the price, making it the next frontier in digital advertising.