business

Knowing how to create accurate cash flow forecasts for your business is an essential skill you need to master so you can predict how much money your business will bring in each month and what overheads you have to cover.

Why do you need to create cash flow forecasts? Cash flow forecasts help you predict fluctuations in your income, your outgoings, and help you make better decisions about your expenses and when to put money away for emergencies (rather than taking it as profit, for example). You may also need to create a cash flow forecast to show to potential investors, your shareholders, or a lender if you apply for a business loan.

What Does a Cash Flow Forecast Look Like?  

A cash flow forecast doesn’t need to be complicated; you can simply forecast your incomings and outgoings on a spreadsheet for the next twelve months (or a shorter timeframe if you prefer) and work out the totals for each month and the year overall – there are a lot of free templates online and you can even do it by hand if you prefer. You also may find your accounting software has a cash flow forecast feature.

6 Steps to Creating Accurate Cash Flow Forecasts

Step 1: Refer to Past Accounts

If you have at least a full twelve months in business behind you, you should have accurate accounts of what your cash flow looked like during that time. These records will make your cash flow forecasts much easier to complete and more accurate, as if nothing changes in the coming year it’s realistic to believe you can achieve the same results. If you believe things will improve or if you suspect things will take a downturn, you can use your original numbers as a guide.

If you are creating a cash flow forecast for a brand new business things are a little trickier, but you just need to do your due diligence to realistically forecast your future cash flow. Be conservative without being overly pessimistic.

Step 2: List All the Expenses That Don’t Occur Regularly

The expenses you pay quarterly or yearly are the expenses that can fly under your radar and cause inaccuracies if you forget to include them in your forecast. Make sure you include expenses like:

• Insurance
• Yearly software subscriptions
• Taxes
• Buying stock
• Accountant and banking fees
• Advertising and marketing campaigns
• Hiring short-term staff or consultants
• Savings for replacing equipment in the future if you buy outright

Step 3: Prepare for Seasonal Fluctuations

Is your business one that ramps up or down during the holiday season? This is important to know, as you need to be prepared to bring in less money from late November through early January, or alternatively, see a big boost. If the holidays are the best time for your business, do you need to including buying in extra stock or hiring extra staff on your forecast? Imagine what your day-to-day would be like during those times and try to foresee those expenses. If necessary, create several cash flow forecasts so you’ll be prepared for a number of different scenarios.

Step 4: Budget for Unexpected Expenses

An emergency fund is an essential part of good personal finance, so it’s only natural that businesses should have one too. Include a budget for unexpected expenses in your cash flow forecast so you can put some money away in a separate business account (if possible) each month for emergency repairs and other unexpected problems.

Step 5: Get Everyone On Board

Are there multiple people in your company with control over spending? Make sure they have their say on the forecast and give them a copy of the forecast when it’s complete.

Step 6: Update Your Cash Flow Forecasts Regularly

The best way to stay on top of your business finances? Update your cash flow forecast on a monthly basis – keep an eye on all those little expenses and services you pay for because they are “no brainer” expenses but are soon forgotten about. When you monitor your cash flow regularly, you’ll see the places where you can trim the fat.

While no cash flow forecast can be 100% accurate, doing your best to research the facts and figures will help you better manage your finances and easily share them with those who need to stay in the loop.

Standard litigation is enormously expensive. In 2019, American companies spent nearly 23 billion dollars on lawsuits. Much of this money was spent on pretrial discovery and the myriad other processes that occur before a suit ever reaches a courtroom. By the time suits finally reach trial both parties have already spent a considerable amount.

The primary issue is that standard litigation is adversarial in nature. Parties to the dispute treat each other as enemies, to be beaten at all costs. This renders the possibility of an amicable resolution next to impossible.

In this adversarial atmosphere, where the lawyers for both parties must labor to find and exploit any possible edge over the other side, you often see years of pretrial discovery, motions, and other procedural machinations. Neither party can afford to miss a piece of evidence or leave a possible argument unmade, and so the cost of litigation balloons astronomically.

Standard litigation is more like a war than a negotiation. Two enemies meet on a battlefield, and the only thing that will stop them from shooting at each other is the total defeat of one side. Until that occurs they will continue to throw troops, resources, and money into the fray. War and litigation are inefficient, and terribly destructive processes.

In answer to this waste, alternatives to standard litigation have developed to give people ways of coming to a solution that doesn’t involve hemorrhaging cash, leaping into trenches and lobbing legal hand grenades at each other for years.

The most common of these amicable contract dispute resolution procedures are arbitration, mediation, collaborative law, minitrials, and summary jury trials. Each one has its strengths and weaknesses, but all can be potent tools to help avoid litigation.

Arbitration

Arbitration resembles standard litigation in many ways. A neutral third party acts as a judge, and the decision they render is legally binding. There is no negotiation in the arbitration process, so it still hangs on to much of the standard adversarial baggage.

However, there are some significant differences. The arbitrator doesn’t need to have any formal legal training, and they don’t need to abide by standard courtroom procedures. Arbitration admits variety in the rules of engagement. Lawyers still make arguments and present evidence, but the endless discovery process that accompanies the courtroom is omitted.

Arbitration is in many ways Standard Litigation Lite. It retains some of the structure of a standard court case, but eliminates formality and greatly reduces the cost of dispute resolution by eliminating onerous pretrial discovery.

Mediation

Arbitration is still fairly adversarial. Mediation takes the opposite approach. This method for amicable dispute resolution is more like couples counseling than litigation. The mediator doesn’t render a decision. Instead, they work to help the disputing parties reach a resolution on their own.

Mediators frequently have a legal background along with formal training in effective listening, and negotiation. Their job is to avoid the sort of adversarial tactics that shut people down and stop them from listening to each other.

In this way, mediators help facilitate a discussion between the two parties. The mediator may find him or herself explaining or translating each party’s positions. They help establish goals for the mediation and offer tools for profitable conversation.

Trust and a willingness to make concessions are very important to mediation. Mediators help both parties stay in conversation so that they can find useful commonalities the help reach a solution.

Collaborative Law

Collaborative law is very similar to mediation except that there is no third-party participant. Instead, each party and their lawyers set the rules of engagement, and work collaboratively not aggressively to work out a compromise.

Because there’s no mediator to help calm tensions and guide the conversation, collaborative law can be more difficult to navigate. Each party has to agree ahead of time that the pursuit of an amicable solution is more important than making sure they get everything they want.

This method works best when participants are all motivated to avoid court and the staggering fees associated with it. If the process is successful, a binding settlement agreement will result.

Minitrial

Minitrials have features of both standard litigation and mediation. They’re meant to give the parties to a dispute the chance to plead their case as they would in a court of law, but with a dramatically condensed schedule.

Instead of spending years on discovery, witness depositions, document exchanges, and the rest of the legal process, this is all accomplished in a few days. Then each side makes its case as it would during a trial, but with brevity as the goal.

Minitrials are interesting because each side is arguing its case to three people. One is either a former judge or a subject matter expert. The other two are representatives of the disputing parties. In this way minitrials resemble mediation.

Once proceedings have concluded, the representatives can ask the third-parties opinion about what the result of the trial might have been in a real court of law. Then the three can use that knowledge to help come to an agreement.

Summary Jury Trial

Disputing parties often have unrealistic notions about how strong their case is, and this leads them to charge blindly into litigation. A summary jury trial uses a jury of six people, all under the impression that they’re rendering a binding decision, to give both sides a true sense for how a jury might receive their arguments.

The trial is conducted in a standard courtroom, often as a precursor to standard litigation. Lawyers for both sides will make opening statements, and then present evidence, deliver testimony briefs, and argue their case in a condensed format, usually speaking for an hour.

Closing statements follow and then the jury is released to make their decision. This isn’t binding, but they don’t know that. The whole process gives participants a more realistic, grounded understanding of what it would take to win. In the vast majority of cases where summary jury trials have been used, they’ve resulted in rapid settlements.

If you’re looking at the possibility of litigation, it behooves you to try and interest the other party in one of these alternative dispute resolution models. You’ll both save a substantial amount of time, money, and heartache. You may also be able to salvage your business relationship, and that can often be motivation enough.

Maintaining healthy cash flow and proper working capital levels is a constant struggle for most businesses. If you’re having issues, it may be worth looking at two key metrics that may indicate where your problems lie.

DSO, or Days Sales Outstanding measures the average number of days that it takes your customers to pay their invoices. A high number indicates slow payment, which can delay cash from hitting your account. Lowering your DSO will translate to stronger cash flow.

The other metric to look at is your DPO, or Days Payable Outstanding. This is the flipside to DSO. It represents the average number of days that it takes your company to pay vendors, bills, and other outstanding invoices. With DPO, higher numbers are better as this translates to cash-in-hand for longer periods of time. If your DPO is too low it means that you’re paying invoices too quickly, placing unnecessary limitations on working capital.

Below you’ll find a number of strategies to reduce DSO and improve the ratio of DSO to DPO in order to heal cash flow problems.

Increase Visibility

Before you take any other steps, it’s important to have a full and complete picture of your receivables and payables. For DSO, make sure you have reporting practices in place that allow you to see which customers tend to pay late, trace any correlations that exist with your sales practices, and discover internal issues that might be causing delays.

For DPO, you need to know how much you’re spending, on what, by whom and the terms that were negotiated. Increasing visibility on both of these metrics will help guide your improvement efforts.

Adjust Your Payment Terms

A good rule of thumb is that your DSO should be within 20% of your stated payment terms. If you’re within the right range and find that your DSO is too long you should consider gradually reducing your payment period. If you find that the percentage is significantly higher than it should be it’s worth offering incentives and/or charging penalties to motivate a closer alignment.

You could offer an early payment discount if your customers pay within 10 or 15 days. On the flip side, you could charge a small penalty for payments that are made after your normal payment window. These penalties could accrue at regular intervals after an invoice’s due date passes.

Automate Your Billing

If you’re still relying on manual, paper-based billing systems, you should consider going digital. Electronic invoices can be generated and submitted for payment considerably faster, arriving in your customer’s inbox immediately.

These systems will keep you apprised of outstanding invoices, send out automatic payment reminders, and can make it much easier for customers to pay. In many cases, you can have direct links to digital payment methods included right inside your invoice.

It’s also worth offering your customers a wide range of payment options. Depending on their current financial situation, certain payment methods might be more desirable than others. Meeting your customers where they are will help speed collections and reduce your DSO.

Reexamine Vendor Terms

It’s often possible to negotiate better payment terms with your vendors and other accounts payable, particularly if you give them a lot of business. Don’t assume that their default terms are the only ones they’ll consider. Ask for a longer payment window, or a discount for faster payment.

If your current vendors aren’t willing to negotiate, consider switching to one of their competitors. The more you can negotiate advantageous payment terms the longer you can push out your DPO, gaining a more favorable DSO to DPO ratio.

Focus on Customer Credit Issues

It’s important to institute customer credit risk policies and apply them consistently, no matter the salesperson making the sale. The goal is to identify risky customers, both current and new, and decide what level of credit risk your organization is willing to face.

You should run thorough credit checks on new customers, and consider rejecting them if their established credit record is worse than your predetermined threshold. You might also consider firing existing customers that consistently allow their invoices to become significantly delinquent. Your organization has a limited number of productive hours. If your services are in demand, it’s worth eliminating bad players so that you can focus on customers that help keep your DSO down.

Have a Rigorous Collections Process in Place

You want all of your AR personnel to be following a consistent collections process. This makes certain that invoices are sent in a timely manner, that payment reminders go out on time and without fail, and that delinquent accounts are handled professionally, and with a level of severity appropriate to the delinquency of the account.

Taken in their entirety, these practices can go a long way to bringing your DSO and DPO into more acceptable ranges, delivering more consistent cash flow and higher working capital levels.

If you operate a small business, you are undoubtedly aware of cyberattacks’ looming and ever-growing risks. You’ve likely heard of large-scale data breaches, ransomware attacks, and theft of customer data from big enterprises like Home Depot, Target, and others. You probably assure yourself that you are not a target because you are not a huge enterprise. Or, maybe you feel protected because you don’t handle customer data.

The truth is, however, that cybercriminals do not discriminate when they target businesses. These attacks are not always executed with precision but can be blunt force attacks merely looking to exploit any user’s vulnerability. Sure, they are looking for big targets, but cybercriminals will also exploit smaller companies that can present fewer obstacles. And no matter what technology you employ in your organization, users are the most significant vulnerability when it comes to cybersecurity. The best defense is through user education and the implementation of firm cybersecurity policies.

Cybersecurity should be a top priority for all businesses, regardless of size. Small businesses are often targeted by cybercriminals as they tend to have less sophisticated security measures compared to larger organizations. A robust cybersecurity policy is critical to protect the business from various threats such as data breaches, malware, and phishing attacks.

Here are some essential elements of a cybersecurity policy for small businesses:

1. Purpose and Scope: Clearly state the purpose of the policy, who it applies to (all employees, contractors, etc.), and what it covers (all systems, networks, and data).

2. Roles and Responsibilities: Define who is responsible for implementing and enforcing the cybersecurity policy. This may include the business owner, IT staff, or a third-party security provider.

3. Password Policies: Establish requirements for password complexity (including length, type of characters, etc.), how often they should be changed, and how they should be stored. Consider implementing a password manager for better security.

4. Access Control: Implement the principle of least privilege (PoLP), meaning that users only have access to the information and resources necessary for their job role.

5. Physical Security: Protect physical devices and hardware from theft or damage. This can include lockable cases for laptops and secure areas for server storage.

6. Internet Use: Establish guidelines for appropriate internet use to prevent exposure to risky sites and services.

7. Email and Communication Security: Implement measures to prevent email phishing and other communication-related threats. This may include spam filters, email encryption, and training employees to recognize phishing attempts.

8. Device Security: Ensure that all devices used for business purposes, including personal devices in a Bring Your Own Device (BYOD) setting, are secure. This can include using firewalls, antivirus software, and ensuring all devices are kept up-to-date with patches and updates.

9. Incident Response Plan: Outline the steps to be taken in the event of a security incident, including identifying the issue, containing the threat, eliminating the cause, recovering from the incident, and post-incident analysis.

10. Backup and Disaster Recovery: Regular backups should be made of all important data and a plan should be in place for restoring data in the event of a loss.

11. Training and Awareness: Regularly train employees about the importance of cybersecurity, how to identify threats, and what to do if they suspect a security issue.

12. Regular Audits and Updates: Conduct regular audits to ensure the policy is being followed and update the policy as needed to address new threats or changes in the business.

A well-defined and enforced cybersecurity policy can greatly reduce the risk of cyber threats and help a small business respond effectively if a security incident does occur.

Human error is the greatest risk.

Small businesses need to enable basic-level technologies to protect their networks and systems. Firewalls and anti-virus software help block significant attacks. But no technology will protect against human error. By far, the most common human mistakes regarding cybersecurity involve clicking unknown links, opening attachments, and entering login or other credentials into sites that seem legitimate but are, in fact, counterfeit. According to one recent survey by Experian, 66% of businesses consider their employees the weakest cybersecurity link.

This is not to say that employees are not intelligent. The way business is conducted has changed drastically, and emails with attachments are part of daily, if not hourly, life for most workers.

Policies help make security second nature.

Creating a strong and easy-to-understand security policy helps facilitate more secure employee behavior. The most effective policies evaluate today’s risks and are flexible, allowing for revision as necessary. While there’s no one-size-fits-all solution, small business cybersecurity policies should include provisions on email security, passwords, multi-factor authentication, and the use of media such as USB drives. Let’s briefly examine each of these risks and how a policy can provide ongoing protection.

1. Email can be an open door for cyber risks

Phishing, a fraudulent practice where emails are disguised as legitimate to induce people to give up personal information, such as passwords. A cybersecurity policy can address this by adding a layer of caution. Users can be trained on the signs of phishing, such as poor writing, and odd email extensions, such as @mail.apple.work instead of @apple.com. It’s equally crucial for your security policy to state that it covers the use of personal and work email on work computers. 

2. Passwords only protect when used properly

Strong password hygiene is an essential component of cybersecurity policy. Train users to avoid sharing passwords with others. Policies should prohibit using the same login credentials across various online services. Security experts recommend using complicated passwords containing no “dictionary words” and using a mix of characters, numbers, and capitalizations. Your policy should also prohibit using the same credentials for various services.  

3. Enable multi-factor authentication where possible

Small businesses can increase their protections with multi-factor authentication (MFA). This technology requires a user to know something (a login credential) and possess something (a smartphone or other device.) MFA raises the bar for hackers considerably. According to Microsoft, 99.9% of account hacks are blocked by the practice. If MFA is an option on the programs and systems your business uses, enable it, and make sure your policy requires it for all users.

4. Addressing the use of removable media

Not all cyber threats travel via email and the internet. Some can sneak in on a removable USB drive. USB drives can help transport documents, but it is essential to protect your systems from malware and viruses that can jump from a home or other computer. USB drives also can be easily lost, leading to the risk of sensitive information getting into the wrong hands. A USB drive security policy should require encryption of files, at a minimum, but can also extend to other protections, such as ensuring that only a specific brand of drive is used, as malware can hit the drives during manufacturing in some cases.

These are just a few examples of how a cybersecurity policy can protect your small business. Cyber threats often change, with new risks identified almost daily. Your policies should respond to these changes. Hold frequent security meetings and ask for input, even if it is held once a quarter. With a clear and enforced policy, cybersecurity can be on your users’ minds throughout the day. Help spread enthusiasm for security, and you’ll make great strides toward a more secure business.

Maintaining proper revenue levels is critical to the health of a business. Without enough coming in the door, it can be difficult to stay current with expenses. But sales are only half of the process. Revenue can’t be realized until it has been collected, and slow accounts receivable (AR) collections can have a negative impact on cash flow. It’s critical that businesses speed up collections processes in order to reduce AR to put themselves in a more stable financial situation.

Speed Up Collections Processes By Following These Suggestions

It’s hard to reduce AR rapidly without a plan. Below you’ll find 16 concrete steps you can take to firm up your collections processes and get your AR system working as efficiently as possible.

1. Send Invoices Immediately Upon Project Completion

Businesses frequently set a billing cycle in order to concentrate their invoicing efforts at specific times in the month. This is a time-efficient method, but it can delay collections. If your business invoices at the end of the month, work completed at the beginning will sit unbilled for weeks before going out to the customer.

Instead, consider invoicing projects as soon as they’re finished. This can dramatically shorten the delay between finishing a project and getting paid.

2. Don’t Wait To Collect

The longer invoices are delinquent the less likely they are to be collected. To prevent this you should contact customers with a friendly reminder the very first day their account goes past your collections term. If you invoice Net 30 you should have an AR team member contact them on day 31.

3. Speed Up Collections By Invoicing Electronically

Paper invoices take time to be delivered through the mail. Additional time is then lost while your customer routes the invoice through their intake process.

Electronic invoices are delivered instantly, directly to the proper parties, and are easier to integrate into accounting systems.

Additionally, electronic payment methods can be embedded directly in the invoice, making payment considerably easier. On the whole, electronic invoices can shave considerable time from a customer’s payment process.

4. Systematize Payment Reminders

To reduce AR you need to create a set schedule for reminder letters and phone calls, and then apply that system consistently. You might send a friendly reminder the first day an invoice is late and another at fifteen days delinquent. Sample collection letters are listed here.

If the invoice goes past 30 days you can send a more firmly-worded request for payment and also reach out by phone. These emails and calls should get progressively more serious in tone as the invoice ages.

Setting a regular process assures that you consistently attempt to collect all of your outstanding accounts.

5. Automate Your AR Collections Processes

Manually tracking the payment status for outstanding AR, generating reminders, and remembering to make follow up calls can be very demanding on your AR team’s time. Using software to automate this process can free them to focus on other responsibilities.

Automated invoicing and collections software can help you rapidly create invoices and send them to clients, making it easier to bill upon completion instead of billing in a cycle. The software will also send out reminder emails automatically, and remind your team when phone calls need to be made.

6. Make Sure Your Invoices Are Clear, Thorough, and Easy-To-Understand

Clear, detailed invoices make it easier for your customers to understand what they’re being billed for, which speeds up processing and saves time explaining items.

Some customers have specific requirements for invoices in order to route them efficiently. Get these guidelines ahead of time, and adhere to them. It’s also worth occasionally confirming the contact information you have on file. Sending invoices to an old contact or the wrong building can slow down the payment process.

7. Include Multiple Payment Methods With Your Invoice

Customers have different payment preferences, and sometimes these can change depending on where they are in their own billing cycle. Providing as many payment options as possible, both physical and digital, increases a customer’s ability to make a timely payment.

You can further reduce AR and speed up collections processes by providing ready access to all of your payment options directly inside the invoice. This makes payment extremely easy for your customers, which will help reduce the likelihood that they’ll put it off.

8. Reduce AR By Requiring a Down-payment

It’s good practice for project billings exceeding a certain dollar amount to request a percentage be paid as a deposit before work can begin. This prevents the entire billable amount from possibly becoming delinquent and assures that you’ll make something on the project even if the final bill is never paid.

Deposits have the added benefit of forcing your customers to put skin in the game. They’ll be more present throughout the process because they’ve already made an investment, and this increases the chances that they’ll pay the balance faster upon completion.

9. Practice Periodic Invoicing

For longer projects, get your clients to agree ahead of time to be billed in installments. You can set up invoices to trigger at specific milestones throughout the project. Collecting portions of the total bill at periodic intervals helps your cash flow and makes it easier for your customers to pay.

Spreading smaller payments throughout the life of the project also helps their cash flow, as periodic payments are easier to satisfy than one large invoice at the end of the project.

10. Reward Early Payment and Penalize Delinquency

You can try to incentivize customers to pay early by offer a small discount. In your terms, you might write, “3/10 Net 30”. This means your customers will get a 3% discount if they pay within the first 10 days. This can be very effective for industries with tight margins, where pennies are pinched.

You can also levy a penalty for late payment. You might specify a 2% penalty for payments made after 30 days. This could increase to 5% after 60 days. This can be effective but it isn’t particularly popular with customers. And depending on their situations, the strategy can backfire. If customers aren’t paying because of cash flow issues, progressively increasing what they owe will actually make it less likely that they’ll be able to satisfy their balance. Gauge your customers before using a penalty.

11. Revise Your Payment Terms

You can speed up collections by shrinking your payment window. If you currently bill Net 30, consider reducing this to Net 20, or Net 15. This is still a reasonable payment period and it means responsible clients will pay more rapidly. If you’re uncomfortable making this change for existing customers you can make it your policy for new customers going forward.

12. Set Up a Payment Plan

Just like anyone, your customers may suffer cash flow issues on occasion. If good customers are having a difficult time paying, you can revise their terms to create a tiered payment plan.

You could allow them to pay 30% of their total invoice Net 30, another 30% Net 60, and then their remaining balance Net 90. In a sense, this practice actually slows your collections process, but it helps assure that you collect in full, which is better than not collecting at all.

13. Use Credit Applications to Determine Delinquency Risk

Credit applications let you examine a potential new client’s credit history. If it appears they are chronically poor payers you may opt not to take them on. If you do, you could amend your normal payment terms to account for the increased risk.

You might ask for a larger upfront payment. You may also require full payment before the release of any final deliverables. This can be a good option for existing customers that are chronically delinquent as well.

14. Don’t Be Afraid to Fire Your Customers

A lot of time and resources are wasted chasing payments from repeat offenders. Look at what you make from these customers versus what’s lost seeking payment. You may find that in some cases it doesn’t make sense to continue the relationship. Your productive time might be better-used serving customers that pull their end of the vendor/customer relationship.

15. Prioritize your Calls:

Contact the consumers with higher balances and the newest past due accounts first. This will speed up your collections process.

16. Take Care of Your Customers Privacy

Ensure that you are talking to the right person before disclosing the account information since they are extra sensitive in situations involving a past-due account. When trying to reduce AR, do not hurry up or appear insensitive towards your customer.

If you need a collection agency to recover money from your accounts receivable: Contact us

Given the duly earned notoriety of this sort of intrusion, most people are familiar with what happens when a computer is infected. It’s a troubling thought that you might one day see a message on your screen telling you that your files have been encrypted and that they’ll be deleted in a certain period of time if you don’t pay some specified amount.

This can be a damaging attack for an individual, but for a business, with dozens, or hundreds of computers all networked together, one attack has the potential to be enormously expensive. But when critical business data is on the line, the urge to pay can be extremely strong.

Thankfully, there are steps you can take to protect yourself from these malicious attacks. If you take the problem seriously and institute a vigilant system of protections you can lower your risk significantly.

Your Employees Are Your Biggest Risk Factor

It’s important to remember that ransomware attacks can’t happen without help. They have to be initiated by running a piece of malicious software, and it’s most commonly your employees that make the mistake.

Ransomware software can be delivered using email phishing attacks or other attacks initiated against your employees or it can be inadvertently downloaded from dubious websites. The latter can be prevented by limiting employee access to risky sites. The former requires training to thwart.

Email phishing attacks are bogus emails that attempt to fool the recipient into clicking on a link or opening a file contained in the email. They might try and convince you the email is from a trusted coworker, or that you’re somehow in danger if you don’t follow the email’s instructions. Clicking the link or opening the file is how the ransomware is activated, so train your employees to NEVER click links or open files if they can’t confirm the email sender’s identity.

You should also rigorously train your staff on what to look for to recognize emails that are misrepresenting themselves. There are almost always red flags that give away the email’s true intentions if you know what to look for.

Backup Your Critical Files Regularly

A ransomware attack has no teeth if it can’t threaten your files, and if you keep regular backups, your files are secure.

The value of keeping regular, isolated backups that can’t be reached by a ransomware attack can’t be stressed enough. This one action can render you safe from the damaging effects of an infection. It won’t prevent them, but it will neuter them entirely.

Run Simulated Attacks

There are services that allow you to simulate the sorts of phishing attacks that tend to deliver malware onto users’ computers. You can send these to your employees as a part of a training program. Not only do these simulated attacks help your staff learn what to look for, but you’ll also get alerted when employees take the bait. You can direct extra training to those riskier employees.

Have Your IT Department Institute a Holistic Security Program

There are a number of preventative measures your IT staff should have in place. These include:

• Scanning incoming and outgoing mail for executables and other risky files.
• Using thorough spam filtering to catch phishing attacks before they reach your employees.
• Making certain that the company’s operating systems, firmware, and software packages are regularly patched to prevent security holes.
• Installing systemwide anti-virus and anti-malware applications and keeping them up-to-date.
• Setting up application whitelisting, that only allows computers on the network to run programs previously established as safe.

Locking down permissions and giving employees only the level of system access they require can also help reduce your risk.

What To Do if You Are Attacked

Taking the precautions listed above will reduce your risk of a ransomware attack dramatically, but no system is perfect. User error can still occur and holes in your security can be missed. If, despite your best efforts, you find yourself the victim of an attack, here are the steps you should follow.

Do Not Pay the Ransom

This is a scary prospect, given that your files are on the line. But even considering this risk, you should never pay the ransom. Those demanding payment from you are criminals, individuals not known for being trustworthy. You could well pay the ransom and still lose your files. And if they do release your files, there’s nothing stopping them from installing a secondary attack which would hit you again weeks after you pay the first ransom.

You may lose your files, and that will be a bitter pill to swallow, but paying the ransom isn’t the answer. You could do yourself more harm than good.

Inform the relevant government authorities which could be the police or the cyber security department. There may be other businesses like you who have been effected and a joint action will be more effective and help to contain the attack. 

Alert Your IT Department Immediately

Fast action is required to keep the ransomware attack from spreading. Make certain you alert the proper people and give them full access to your system. There are a number of things they can do to prevent further damage and potentially save your data. But there’s no time to delay.

Attempt to Remove the Ransomware Infection

In some cases, it’s possible to remove the lock on your system and restore your files without payment. Some versions of ransomware, called scareware or lock-screen viruses claim to encrypt your files in order to motivate you to pay them, but really only create the illusion. Sometimes all it takes to defeat these is a system restart. You can then use anti-malware software to remove the infection.

True ransomware is much harder to defeat, but in some cases, it can be done. Your IT department can research the options and give them a try. They certainly can’t make the situation worse.

Reinstall Your System and Restore From a Backup

This is why you keep backups. If yours are in place, the criminals have no leverage over you. You need only reinstall your computer’s operating system and then restore your files. If you don’t have a backup, the sad truth is that your files are lost. Reformating your hard drive and reinstalling your system software will restore control of your computer to you. You’ll then have to begin the painful process of assessing the damage.

It’s a terrible situation, but let it be a lesson. Always, always, always back up critical files.

Prepare So That You’re Never a Victim Again

Make sure your antivirus protection is updated, that you’re running all appropriate anti-malware applications, and that you vigilantly follow the protective steps detailed in this article. There’s nothing you can do about the loss you may have suffered, but you can work to prevent it from ever happening again.