When hackers are capable of stealing from a company without even stepping foot on the premises, it’s understandable why so many are taking cyber threats more seriously.
But there’s a common trend among small businesses that believe they are immune to such attacks, saying that they are “too small” for criminals to take notice. Unfortunately, this is far from accurate.
Below, you’ll find the real-life example of a New Zealand hardware retailer that came under attack from ransomware demands following a cybersecurity breach that acted as a wake-up call for the company.
Early last year, Anvil Hardware* was in a panic. As staff arrived to begin their day’s work, a few of them discovered a strange message on their computers: a message that informed them that the company’s files had been encrypted and that the business would need to pay up to release them.
After Ingrid, one of the directors of the business, put in a call to Anvil’s IT support, staff were instructed to immediately remove the computers from the network, pull out network cables and shut everything down. The shared intranet, containing most of the important files and software for the company, had been compromised.
“The attackers had got into someone’s computer the night before and used it as a way to access the shared files on the server,” explains Ingrid.
“Everybody’s computer was offline, which had a huge impact on productivity. You forget how much your business relies on being plugged-in.”
The inability to access files wasn’t the only issue hampering productivity. The company’s point of sale systems were also offline, which meant that employees had to revert to manual price checks and promises for invoices after the system was back online.
Thankfully, this story has a happy ending: Anvil Hardware’s IT support were able to restore the ransomed files with relatively little damage done, with the exception of a few personal hard drives being wiped. Anvil was back online by mid-afternoon the same day.
However, while the initial ransomware attack had been resolved, the wider concern of cyber attack had not. Ingrid explains further:
“A couple of thousand dollars and half a day lost is certainly not ideal, but it could have been a lot worse,” she said.
“The ransomware attack was a wake-up call. It showed us that we weren’t immune to these kinds of attacks.”
What if a more determined, more talented cybercriminal targeted Anvil Hardware and maliciously went through and wiped their files, stole customer data or spoofed invoices?
That kind of financial and reputational damage would not be so easy to recover from.
Read more: What is the cost of a cyber attack?
The solution for Anvil was twofold: first, they improved their cybersecurity policies, particularly in the arena of email—it was suspected the initial ransomware attack came through this channel, so additional safety protocols and firewalls were put in place.
The second solution, however, was more broad. The company chose to invest in a robust cybersecurity insurance policy to protect themselves against the possibility of future attacks.
“[Attacks] can happen and can significantly affect you… you’re not immune, even if you may think you are. [Cyber attacks] have been mentioned countless times in the media—but we thought no, we’re a small company, we’ll be fine,” explains Ingrid.
Rather than take the risk, Anvil Hardware turned to BRAVEday for advice on an appropriate cybersecurity policy.
“[BRAVEday] made it really clear what the policy terms and conditions were so we could make an informed decision,” says Ingrid.
“They’re able to interpret the policies and explain it in plain language—so we know what it does and doesn’t cover.”
The policy has given Ingrid peace of mind knowing that the business, their reputation and their livelihood are covered during a time when cyber attacks are on the rise. Ingrid has one final message for those who aren’t convinced they need to be concerned:
“People can hack into the US government, so they are more than capable of hacking their way into your business.”
For more information about your options in cybersecurity, get in touch with the team at BRAVEday today.
*The retailer’s name has been changed for the purposes of anonymity.
Are the doors of your business open to cyber criminals? Download our cyber security risk assessment checklist to make sure you're covered on all fronts.