Small businesses vulnerable to cyberattacks, then don’t act

Small businesses suffered a barrage of computer invasions last year but most took no action to shore up their security afterward, according to a survey by insurer Hiscox.

It found that 47 percent of small businesses reported that they had one attack in 2017, and 44 percent said they had two to four attacks.

The invasions included ransomware, which makes a computer’s files unusable unless the device’s user or owner pays a ransom, and phishing, in which emails that look legitimate are used to steal information. The invasions also include what are called drive-by attacks, which infect websites and in turn the computers that visit them.

Despite the prevalence of the data invasions, only about half of small businesses said they had a clear cybersecurity strategy, the report found. And nearly two-thirds said they didn’t bolster their security after an attack.

Some basic cybersecurity advice:

• Back up all of a company’s data securely. This means paying for a service that keeps a duplicate of all files on an ongoing basis. The best backups keep creating versions of a company’s files that can be accessed in the event of ransomware — eliminating the need to pay data thieves.

• Install software that searches for and immobilizes viruses, malware and other harmful programs. Also install firewalls and data encryption programs.

• Make sure you have all the updates and patches for your operating systems for all your devices. They often include security programs.

• If you have a website, learn how to protect it from hackers, using software including firewalls. But you might be better off hiring a service that will monitor your site with sophisticated tools that detect and disable intruders.