If you think ransomware is something that only happens to big corporates and government departments, think again. South African small businesses are now one of the most targeted groups — and the reason is simple: hackers know that small businesses are less likely to have proper protection in place.
This post explains what ransomware actually is, why SMEs are in the crosshairs, and what you can do about it without needing a dedicated IT team or a corporate budget.
What is ransomware and how does it work?
Ransomware is a type of malicious software that locks you out of your own files and systems. Once it’s on your network, it encrypts everything: your client records, your accounting files, your emails. It then demands payment (usually in cryptocurrency) before giving you access back, and in many cases you don’t get your data back even if you pay.
The attack usually starts with something as ordinary as a staff member clicking a link in a phishing email. From that single click, the software spreads across your network within minutes. By the time you realise something is wrong, the damage is done.
Why are small businesses being targeted?
Small businesses are attractive targets for two reasons.
First, you’re less likely to have up-to-date backups, proper endpoint protection, or staff trained to spot suspicious emails. Second, you’re more likely to pay the ransom, because you can’t afford days of downtime waiting for an IT team to rebuild your systems from scratch.
In South Africa specifically, the combination of load shedding (which disrupts backup schedules and causes unplanned shutdowns) and a rising rate of business email compromise makes the risk higher than in many comparable economies.
What does a ransomware attack actually cost a small business?
The ransom itself is rarely the biggest expense. The real cost comes from:
- Downtime: most small businesses cannot operate without access to their files and systems. Even two days of downtime can cost more than the ransom demand.
- Data loss: if your backups are out of date or were also encrypted, you may lose months of records permanently.
- Reputational damage: if client data is compromised, you have a POPIA obligation to report it. That conversation with clients is not one anyone wants to have.
- Recovery costs: getting a specialist in to clean a network and rebuild systems is expensive, especially if it’s done urgently.
What can you do to protect your business?
You don’t need enterprise-level infrastructure to reduce your risk significantly. These steps make a real difference:
1. Back up your data (properly). A backup that lives on the same network can be encrypted by ransomware too. You need an offsite or cloud backup that runs automatically and is tested regularly. If you’ve never tried to restore from your backup, you don’t know if it works.
2. Train your staff. Most ransomware gets in through phishing emails. A 30-minute session on what to look for — suspicious senders, unexpected attachments, urgent payment requests — can prevent the majority of attacks.
3. Keep software updated. Outdated software has known vulnerabilities. Attackers specifically look for businesses running old versions of Windows, outdated plugins, or unpatched server software.
4. Use multi-factor authentication. If an attacker gets hold of a staff member’s password, MFA stops them from getting any further. It takes five minutes to set up and blocks the majority of credential-based attacks.
5. Get a professional assessment. You don’t need to guess at your exposure. A basic cybersecurity assessment will tell you exactly where your gaps are, and most issues can be fixed without significant cost.
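One concrete way to carry out step 1 (an offsite backup that runs automatically and is actually tested) is the script below. It is an added example, not code from the original post: it archives a directory to a separate backup location, restores the archive into scratch space and checks every file against a SHA-256 snapshot, and flags backups that are older than a freshness threshold, which is how you catch a schedule silently broken by an unplanned shutdown. The directory names, the 24-hour threshold, the tar.gz format and the sample files are assumptions for illustration.

```python
"""Backup-and-verify check for a small-business file share (added example)."""
import hashlib
import os
import tarfile
import tempfile
import time
from pathlib import Path

# Assumed policy for illustration: alert when the newest backup is older than this.
MAX_BACKUP_AGE_HOURS = 24


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large exports are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot_hashes(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source: Path, dest_dir: Path) -> Path:
    """Write a timestamped tar.gz of every file under `source` into `dest_dir`.

    `dest_dir` stands in for the offsite/cloud target; in production it must be a
    location the workstations cannot overwrite or delete afterwards.
    """
    dest_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%d-%H%M%S")
    archive = dest_dir / f"backup-{stamp}-{os.getpid()}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        for rel in snapshot_hashes(source):
            tar.add(source / rel, arcname=rel)
    return archive


def verify_backup(archive: Path, expected: dict) -> bool:
    """Restore the archive into scratch space and compare every file hash to `expected`.

    A backup that has never been restored is untested; this is the restore test.
    """
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            # Refuse members that would write outside the scratch directory when the
            # interpreter offers the "data" extraction filter; older ones fall back.
            extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(scratch, **extra)
        restored = snapshot_hashes(Path(scratch))
    return restored == expected


def newest_backup_age_hours(dest_dir: Path):
    """Hours since the most recent archive was written, or None if there is none."""
    archives = list(dest_dir.glob("backup-*.tar.gz"))
    if not archives:
        return None
    newest_mtime = max(a.stat().st_mtime for a in archives)
    return (time.time() - newest_mtime) / 3600.0


def backup_is_stale(dest_dir: Path, max_age_hours: float = MAX_BACKUP_AGE_HOURS) -> bool:
    """True when no backup exists or the newest one is older than the policy allows."""
    age = newest_backup_age_hours(dest_dir)
    return age is None or age > max_age_hours


def demo() -> dict:
    """Constructed walk-through: back up a small share, verify it, then show that the
    offsite copy stays clean when the share is changed, and that a missed schedule is flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        share, offsite = Path(tmp) / "share", Path(tmp) / "offsite"
        (share / "accounts").mkdir(parents=True)
        (share / "clients.csv").write_text("id,name\n1,Example Client\n")       # constructed data
        (share / "accounts" / "ledger.txt").write_text("2024-01 opening balance\n")  # constructed

        expected = snapshot_hashes(share)
        archive = create_backup(share, offsite)
        verified = verify_backup(archive, expected)

        # Simulate the share being encrypted after the backup ran: the archive still
        # matches the pre-incident snapshot but not the share as it stands now.
        (share / "clients.csv").write_bytes(b"\x00ENCRYPTED\x00")
        still_matches_original = verify_backup(archive, expected)
        matches_current = verify_backup(archive, snapshot_hashes(share))

        fresh_before = not backup_is_stale(offsite)
        # Simulate a schedule broken by an unplanned shutdown: age the archive 48 hours.
        old = time.time() - 48 * 3600
        os.utime(archive, (old, old))
        stale_after = backup_is_stale(offsite)

    return {"verified": verified, "still_matches_original": still_matches_original,
            "matches_current": matches_current, "fresh_before": fresh_before,
            "stale_after": stale_after}


if __name__ == "__main__":
    print(demo())
```

Run it from a scheduled task and alert on two conditions: `verify_backup` returning False, and `backup_is_stale` returning True. The restore-and-compare step is what turns "we have backups" into "we know our backups work", and the age check is what tells you the job stopped running before you need it.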
Ransomware isn’t going away. But it’s also not inevitable. Small businesses that take a few basic precautions are far less likely to become victims, and far better positioned to recover quickly if something does go wrong.