The war in Ukraine – is there a risk to your business?

Businesses have been through a lot lately. And just as it seemed things might be returning to something close to normal after the pandemic, now the war in Ukraine may pose some risks to your small business. If the last two years have taught business owners anything, it’s the importance of having a Plan B, so it’s important to understand how this war could affect you.  

One of the chief risks small business owners may face as a result of the war in Ukraine is that of a cyber incident. 

Cyber risks

With tensions escalating between Russia and the West, including the United States, the potential for cyber attacks against western targets has increased. Businesses of all sizes should remain extra vigilant and all employees should be aware of the possibility of suspicious emails or social engineering attempts. Ransomware attacks are the predominant threat, enabled by phishing emails. 

Companies in the telecommunications, energy and financial services sectors should be on high alert, as should companies that use these kinds of services via a third party or supply chain. 

Here are three steps you can take to protect your business against cyber risks. 

1. Prevent an attack from happening in the first place. This means being able to recognize a phishing email and training your employees to do so as well. Make sure everyone is using secure passwords and two factor authentication wherever possible. Require vendors and other partners to meet the same security standards. 
    
2. Detect an attack quickly if it happens. Whether it’s a ransomware demand or something that just doesn’t look right, stop what you’re doing and get professional advice. Be sure your backups are up to date so you can restore any data you might lose.
    
3. Mitigate the impact of an attack with insurance. Cyber security insurance should include tools for educating your staff and crisis management resources.

 Related: What’s your cyber security IQ? 

Types of cyber threats

The main threat from Russian elements is likely to be ransomware, enabled by phishing emails or smishing texts. Here’s what you need to know. 

Phishing (emails) and smishing (texts)

Every email and text should be carefully inspected before opening it, and before clicking on any links. Check for these red flags:

• An email address or phone number that doesn’t match the sender’s name. Hover over the sender’s email address to see the actual address it was sent from – it may not be the address shown. 
   
• Generic greetings. If someone doesn’t address you by the name you prefer, it’s probably not someone you interact with frequently – even if they’d like you to think it is. 
   
• Suspicious links or images. Best practice is not to click on email links at all. Type the address into your browser – and make sure it’s the correct address, not just the one in the email. 
   
• Spelling and grammar mistakes. If an email is purported to come from a large company, you can be sure that it has been seen by enough people that any glaring typos or grammar errors have been caught. If you see misspellings or errors that would commonly made by someone who’s not a native speaker, be cautious. 
   
• A sense of urgency or secrecy. Suppose an employee receives a text message that appears to come from an executive, asking that money be transferred or an invoice paid. The email indicates that the request is urgent or needs to be completed without going through the proper channels. This is a common tactic of scammers, so be wary. 

If you or an employee receives a message with one or more of these red flags, don’t open it, click on any links, or take action on the request until you can confirm with the sender by another method of communication. 

Ransomware demands and Distributed Denial of Service (DDoS)

These kinds of attacks are carried out by a bad actor getting access to your system and locking it down. They typically gain access through a phishing email. 

To prevent this type of attack, make sure you have the right software that protects against DDoS attacks. Vendors and suppliers should also have anti-virus software protection. And you should back up your system offline, and test your back-up at least every week. 

Related: A cyber security expert answers your ransomware questions

Protect your business

Having an educated workforce is critical to keeping your business safe from hackers, no matter where they come from. Whether you’re a sole proprietor or have 100 employees – or more – those who use your system can act as a ‘human firewall’ to prevent malicious code from getting to your information. 

Cyber security software can protect your business against the costs associated with a cyber-attack.  A Hiscox cyber security insurance policy includes training resources (CyberClear Academy) and expert breach response services. Get a quote today to see how your business could be protected.