We had that email we all dread…
“Hi, I’ve had an email from one of your team and we think it’s a scam, just wanted to let you know.”
Then we had several others and as many phone messages from lovely contacts wanting us to know. I’m grateful for our community of clients and contacts for letting us know straight away so we could sort it.
We took the following steps within an hour:
- Stopped what we were doing and got onto our IT guy who specialises in cyberattacks to crawl over our systems to check what had happened, and we followed his instructions. We looked at things like:
- Changing email logins/passwords
- Isolating the data breach, so the rest of the system wasn’t affected
- Adding 2-factor authentication.
- Put one of our team onto responding to all the enquires
- Briefed our friends at Moneypenny who handle our calls – thanks ladies for your help!
- Put a post on our website explaining what had happened
- Emailed our mailing list explaining what we know and advising them to contact their IT departments straight away if they received the emails and NOT TO CLICK ON THE LINKS.
Thankfully, we had confirmation that the issue had been contained almost immediately because of the speed at which we responded.
Obviously, it made us feel sick, but it just shows, that even with regular screenings of our systems, the baddies can attack.
Around 65,000 attempts to hack small-to-medium-sized businesses (SMBs) occur in the UK every day, around 4,500 of which are successful. That equates to around 1.6 million of the 5.7 million SMBs in the UK per year. (CSO online)
We hear about it all the time, but we always think it will never happen to us. The fact is, more people are hybrid working, hackers are getting cleverer, and it just takes one click on that harmless-looking link for it all to go wrong…
Here are the top three tips which helped us to be able to respond so quickly:
- Have a plan – we did – and we put it into action immediately that we were made aware of an issue. Everyone should have a Disaster Recovery Plan, before being exploited, not after. It can be as simple as just having a point of contact who can quickly go through disaster recovery protocols and, at the very least, stop any further damage being caused immediately. The aftermath can still be sorted over time, but it’s vital to have someone who knows how to resecure the systems immediately
- Get a good cyber person in your address book, and have their contact details ready. Scouting around for the details of someone you know and trust when you’re in the middle of an attack wastes valuable time. Happy to share the details of our guy if you want to get in touch
- Know what you’re going to say to people.
The approach we took was because we wanted to protect people – hence the communications with people who might be affected.
Even major institutions worth £100Billion+ have vulnerabilities and have been exploited in the past, notably by way of ransomware attacks and the like.
When anything goes wrong, the gut reaction may be to keep things quiet and not acknowledge there has been a problem. However, our firm view is that being open and honest when issues crop up is by far and away the best approach.
No one can completely avoid all risks at all times but having a way to deal with problems when they occur as soon as possible is a very vital skill in any business.
You can’t learn from something if it’s swept under the carpet.
Knowing the approach we were going to take enabled us to draft the wording quickly and get the message out.
In hindsight, we could have prepared it in advance just in case – we have now!
Fingers crossed you never have a day like we did but having a plan in advance will make sure you are better prepared.