Are you prepared for your Cyber Breach?
Written by Mike Ritsema, President and Partner
You own a small business. We own a small business.
Although i3 Business Solutions and technology specialists recommend layers of security, we say that a cyber-breach is a matter of when and how. Be prepared. UPS, Yahoo, Walmart, Home Depot, and Target were vigilant – but still breached.
i3 Business Solutions recommends going beyond protection to PDR: Prevention, Detection, and Response. Prevent breaches with a UTM (firewall, antivirus, and spam protection) along with DNS-level protection. Detect malicious activity by watching and monitoring for the bad guys poking in! Respond by extending protection appropriately against those breach attempts. i3 mandate: PDR – and image-based backups; be prepared for your breach!
1. We know of a central Michigan accounting firm that was breached by the CryptoWall virus. They went to their backup – but it took 4 days to recover! The partner stated, “Had this breach overlapped our reporting deadlines to federal and state agencies for our customers, then we would have lost a large part of our business.” i3 mandate: be prepared for your breach.
2. We know of a West Michigan firm that was breached by the CryptoWall virus. They did not have thorough backups. They drove across the state to buy $2,000 worth of bitcoin. They retrieved their data, although they were down for almost a day. The good news is that the thieves are good business people. They want the cash flowing in, so they maintain a good reputation for decrypting and returning the data. i3 mandate: image-based backups – and be prepared for your breach.
3. Verne Harnish, author of two seminal small business books that I highly recommend, Rockefeller Habits and Scaling Up, was recently breached in a hybrid social engineering scam. His is a small business with very little in the way of infrastructure and installed technology. His own blog post tells the story of a $400,000 ruse that included capturing his email address and password, then communicating with his accounting team to ACH or EFT funds. The email communication and approval to move funds were intercepted and spoofed! Even the bank’s protocol to phone and verbally verify failed to prevent the loss.
This is one of i3’s biggest concerns right now: Social Engineering – which goes all the way back a couple thousand years to the Trojan Horse at Troy! Social engineering requests an action from your employees, one that may be fairly common. Social engineering is targeted, focused, and pursues people and large sums of $$$. Social engineering can be low tech and may require no technology intrusion. Caution!
1. Train and educate your team to recognize spoofs and ruses that may move banking or credit card funds when unnecessary.
2. Talk to your bank. Your bank’s Treasury Department may offer ACH blocking – which limits transfers to only approved vendors or sources – for a reasonable fee.
3. Protect. Detect. Respond. And Educate!
Although we all look to technology and technology innovation to protect our companies, technology isn’t 100% thorough and can’t prevent human error.
i3 mandate: forward this blog post link as an email and educate your team!
And, contact i3 Business Solutions for a pre-breach assessment. Be prepared for your cyber-breach because it is inevitable.