Three cyber security scares over the course of a week really impacted me. I’m sharing this story because I was affected, as was my close friend who runs a global business. I’m alarmed and amazed at the sophistication of these cyber criminals, and concerned for all organisations.
First thing Monday, my EA received an email that appeared to be from me, asking her to buy iTunes vouchers for our clients. Smart! They knew she was my EA! Fortunately, my EA’s suspicions were raised - she realised something was ‘not right’ and contacted me.
Cyber attacks like this are common, using social engineering, which basically means researching the targeted individual, along with their organisation and their network, to trick someone inside the company. It’s a reminder to consider what we share online.
My initial reaction was to ask my team, ‘How has this happened - what have we NOT done to protect ourselves?’. We run an all-cloud business, have Intune on our machines, use the latest version of Office 365, and have two-factor authentication. Yet it felt like we had an ‘open door’ somewhere.
The answer of course is education. If you want your team to participate in making the business safer from hacking and cyber crime, you must give them the knowledge to make good security choices. A simple, plain text email can be hard to detect, so you need to make sure that your team knows what to look for, and that you have processes in place to stay safe. I was glad that this time around, my EA knew that I would never just send an email with this type of request without explanation.
Next, I get a call from my dear friend who runs a very successful global business. They are victims of ransomware and the criminals were demanding a Bitcoin payment equivalent to $6K. Too close for comfort. They are vigilant and more mature than most. They, too, run on Office 365 and store data in Azure. But the criminals found the one vulnerability in their environment and exploited it. They had one on-premises workstation backing up overnight running their financial package. All files had been targeted and encrypted, preventing access. A text file was left under each folder (next to the encrypted files) with the following message:
‘Hello, dear friend! All your files have been ENCRYPTED. Do you really want to restore your files? Write to our email - and tell us your unique ID - ID-TYYXXBAX’
They had been watching and waiting for the right time to attack. While the business was distracted by the drama of the data encryption and ransomware, another debilitating situation was brewing. Several days prior, a debtor to my friend’s company received four emails in the space of hours, requesting payment on an overdue invoice and providing details of a new bank account. The email content looked legitimate. So, even though the email address was slightly different, the debtor sent the requested funds to the new bank account.
The unfortunately expensive lesson learned here is to implement training to educate teams about what to look for, and to have processes in place to ensure that payments don’t get into the wrong hands. In this instance, if a vendor or payee requests a change to their account details, call them to verbally confirm before making the change.
Finally, later that week, I received a password-protected email from a major client. Even though I had never received an email like this, I clicked on the message and was ready to enter my details. Hard to believe considering the week I had just experienced, right?! And I’m the CEO of a tech business! Thankfully, in view of my heightened awareness of cyber attacks, I called the sender to verify the content. The email was legitimate!
Cyber attacks like these are becoming all too common and when it comes to cyber security and data protection, too much is never enough. As I reflect on these experiences, I’m sharing some helpful information which I’ve compiled with my friend Bill Rue at MailGuard. Please follow these steps if you fall victim to a ransomware cyber-attack:
- Evaluate the extent of the impact. What files have been locked?
- Don’t immediately pay. Stop and seek counsel. Reach out to your partners – we’re here to help.
- Quarantine the hacked machines or block the network connection.
- Identify if a decryptor fix is available.
- Determine if your data backup is impacted:
  - If unaffected, restore data and service from the backup.
  - If impacted, do not restore.
- If you are an Office 365 user, log in and check that there are no unexpected mailbox rules and that no one is forwarding your emails.
- Report the incident:
  - To the police - their Fraud Squad should investigate.
  - To your bank – potential need to block all transactions and change accounts.
  - To your insurance company – failure to report such an incident could breach any cyber insurance you may carry.
  - To ACORN and ScamWatch.
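The Office 365 check in the steps above can be run across every mailbox at once by an administrator. This is an added example, not part of the original post; it assumes the ExchangeOnlineManagement PowerShell module is installed and that the signed-in account can read all mailboxes, and `admin@example.com` is a placeholder.

```powershell
# Added example: list mailbox forwarding and inbox rules that send mail elsewhere.
# Assumptions: ExchangeOnlineManagement module installed; admin@example.com is a placeholder.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@example.com

$mailboxes = Get-Mailbox -ResultSize Unlimited

# 1. Forwarding configured on the mailbox itself.
$mailboxForwarding = $mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress,
                  DeliverToMailboxAndForward

# 2. Inbox rules that forward, redirect or delete incoming mail.
#    Deleting rules are included because they are often used to hide replies
#    from the mailbox owner.
$ruleFindings = foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName -ErrorAction SilentlyContinue |
        Where-Object {
            $_.ForwardTo -or $_.ForwardAsAttachmentTo -or
            $_.RedirectTo -or $_.DeleteMessage
        } |
        Select-Object @{ n = 'Mailbox'; e = { $mbx.UserPrincipalName } },
                      Name, Enabled,
                      @{ n = 'ForwardTo';             e = { $_.ForwardTo -join '; ' } },
                      @{ n = 'ForwardAsAttachmentTo'; e = { $_.ForwardAsAttachmentTo -join '; ' } },
                      @{ n = 'RedirectTo';            e = { $_.RedirectTo -join '; ' } },
                      DeleteMessage
}

Write-Host "Mailboxes with forwarding set: $(@($mailboxForwarding).Count)"
$mailboxForwarding | Format-Table -AutoSize

Write-Host "Inbox rules to review: $(@($ruleFindings).Count)"
$ruleFindings | Format-Table -AutoSize -Wrap

Disconnect-ExchangeOnline -Confirm:$false
```

Every row needs a human decision: confirm with the mailbox owner whether they created the rule or forwarding address, and remove anything nobody recognises.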
Prevention is better than cure, so it’s always a good idea to be prepared for all types of cyber attacks that may affect operations. Here are some additional steps we’ve taken to safeguard our business:
- Ensure your business insurance is current, has cyber coverage and confirm coverage level.
- Never leave an on-premises machine backup connected overnight.
- Ensure all hardware touch-points to the internet are protected with up-to-date antivirus.
- Implement a tight third-party payment policy.
- Communicate cyber safety behaviour to everyone in your organisation on a regular basis. Education and a cyber safe culture are key.
- Implement two-factor authentication.
- Subscribe to Office 365. We use E5.
- Implement a reputable cloud email filtering service. I recommend MailGuard.
Thanks to Bill Rue and his team at MailGuard – for their support, ideas and referrals during this crazy week. Please contact us at SOS for added assurance that there are no ‘open doors’ in your environment.