What happens if your computer systems are hacked with ransomware?
You are a small to mid-size business. You know everyone at the office by name. They aren’t going to do anything to jeopardize your business and you know that they are all careful. Besides, you are a small accounting firm and just deal with local businesses – nothing that a hacker wants…they are going after the big guys.
Let’s say that one of your employees is going through her email and receives a link to update her word processing software. You don’t have an onsite computer department; the group that does your network and computer support has a weekly stop-in, but that’s not for a few days. Besides, she doesn’t want to incur any fees by calling them to find out if this is legit. It says Microsoft, so it must be OK. She needs to get a letter out today, so, wanting to be efficient, she clicks on the link to update the software so she can continue with her work.
That email was a phishing email which distributed ransomware to her system. But she doesn’t realize this and keeps working, all the while entering more passwords and giving hackers more and more access. The malware slowly spreads to each workstation at your office.
The next morning, you come in, everything is on lockdown and you’re being asked to pay a bitcoin ransom to access any files. What’s Bitcoin? You ring your managed service provider to have them in to fix it, but they can’t get in until tomorrow. They have an emergency crew which will come onsite but it’s going to be three times the normal hourly rate.
Unfortunately, the costs are just beginning to accrue. IBM Security reports that 67% of costs occur in the first year, while longtail costs of a breach can stretch over two-plus years.
Factor in the lost revenue from being unable to access your client records. You can’t ship, sell, or manage what you can’t see. Your customers need to run their own business, so they find another vendor. More lost revenue. This could go on for days. Those clients liked working with you, but they now have taken their business elsewhere and it’s working out fine, so they don’t return. When asked who they do business with, they tell this story. Is there a price to put on restoring a damaged reputation?
One week later, you’re still not back online. The ransom amount was unobtainable and even if you could pay it, there’s no guarantee that it won’t happen again next week. You now have to get all new systems, plus the time to input all of the lost data – if you can find it, and hopefully salvage all of the lost business. Should we mention the investigation, notification process to your clients about what happened (cringe) and the required credit monitoring you need to offer in order to restore your business and good name?
This scenario is unfortunate, but true.
SMBs account for 43% of data breaches
83% lack the funds to recover from a breach
Healthcare is the most costly industry
The U.S. is the most expensive country