It was a typical morning at the offices of a small Midwestern online retailer. This company, whose name we cannot mention due to a non-disclosure agreement with our source (Gary Miller, GEM Strategy Management) owned a very successful online catalog offering a wide variety of women’s apparel and accessories. They had a terrific reputation and brand, and every reason to be excited about their future.
Then, with a single click, the death spiral began…
An employee received an e-mail with a link to a benign-looking catalog. All it took was one click and the company’s entire network was infected. The Crytowall malware dug deep into the company’s accounting system and customer files, including credit card and social security numbers.
Fifteen thousand customer accounts were locked up by the malware. A ransom demand soon followed, requiring $50,000 for the key. Unfortunately, the company’s backup systems had been down for the last three months. With no way to remove the virus without destroying crucial data, the company had its back against a wall.
They paid for the decryption key. But no luck – it didn’t work. Business came to a grinding halt. The company owners couldn’t afford to rebuild their entire network. Within six months, the company closed its doors, strangled by a lack of sales and cash flow.
Could this happen to you?
Hackers have discovered that small businesses make juicy targets. These criminals love going after small businesses because they’re often the easiest to penetrate. IBM reports that over 62% of the 4,000 cyber-attacks that occur every day target small businesses.
Cyberthugs filch information to rob bank accounts via wire transfers. They steal customers’ personal identity information and resell it on black markets. They nab key information to file fraudulent tax returns, and commit health insurance or Medicare fraud – in your customers’ names.
Most small businesses are easy prey because they fail to take precautions. But you don’t have to be like most small businesses. Here are four things you can start doing TODAY to prevent a shutdown that could destroy your fortunes.
Understand evolving threats – Know what’s at risk in your company. Stay on top of the different schemes hackers use to gain entry. Learn all you can about phishing, spoofing, social engineering, malware, systems hacking, pharming and the latest scams so you can see them coming. Identify your company’s weak points and bolster them as needed.
Institute a dual signature policy – Require that two people sign off on every transaction. At the very least, when in doubt, pick up the phone. Verify all fund transfers or requests for payment before releasing funds.
Ingrain a solid data security policy in your company’s culture – Yes, you need to define and document protocols…but that’s not enough. In order for them to work, they must permeate every activity you and your team engages in. Your employees are the gatekeepers of critical data. Train them to see the warning signs, engage in safe practices and respond effectively to an attack. Examples include using only unique, complex passwords and keeping a “clean desk,” where sensitive information isn’t exposed.
Have – and practice – an incident response plan – Just like a fire drill, being ready for a breach gives your team an edge when faced with a crisis. When everyone knows exactly what to do, you’re better able to nip a hack in the bud.
Why play Russian roulette with your company’s data?
If you’ve been putting off cyber protection measures, thinking, “Oh, that would never happen here,” you are putting your company’s entire future in jeopardy. NOW is the time to call in an expert you can trust to verify that your data is safe in today’s rapidly evolving battle against a host of online bad guys.
When it comes to protecting your data – whether it’s bank account information, customer and employee records or proprietary IP or processes – we’ve got you covered.
