We’ve had several clients who have joined us after being the victim of a cyber-attack which has cost their business a lot of money. We’re sharing some of their stories with you as we thought it would be useful to understand the mistakes you can make when it comes to email security. More importantly, this article will tell you the steps you can take to avoid security breaches, which could cost your company thousands of pounds.
We want to protect the identities of our clients, so we won’t name any names.
Clicking the wrong link could cost you dearly
Diana, a long-time employee at Company A, clicked on a bad link which ended up costing her company £7,000 to fix.
She was going through her work emails when she clicked on a seemingly innocent link in her inbox. Little did she know the impact this split-second decision would have. It was what the hackers were waiting for. All it takes is for one person to slip up and your business can be compromised. As a result of Diana’s actions, the hackers were able to infiltrate Company A’s network and encrypt all their files. This left them with few options and an expensive mess. It is never advisable to pay ransoms, as there is no guarantee the hackers will actually decrypt your files. It is more advisable to seek expert advice to help you through a difficult moment like this. If you outsource your IT to an IT Support Partner, they will help you make sense of things.
It ended up costing Company A £7,000 to sort out the mess they had found themselves in. Unfortunately, it was needed to get them back up and running again so they could work as normal. The cost of making this right can be a hard pill to swallow for most companies. It’s something that could potentially have been avoided if Company A had invested in Security Awareness Training for their employees.
Company B were the victim of CEO Fraud. This occurred when a member of their accounts team received an email seemingly from their CEO. At first glance the email looked trustworthy. Often cyber criminals will create a sense of urgency in order to trick recipients. In this case the person in question – Mark – was fooled by the email. He responded to what he believed was his CEO’s request for money to be transferred. Unwittingly he was sending £8,600 to a cyber-criminal. In the space of a short moment, the business lost a large sum of money, one which they couldn’t get back.
How could Mark and Diana have avoided making this mistake?
- Always take your time to look at the sender email address (often this is the best giveaway for a fake email).
- Double check over the phone with your boss or finance team before carrying out large money transfers. They will thank you for it, trust me.
- Check what a request relates to before actioning it. Chances are, if it seems a little out of the blue, it might not be genuine.
- Always complete your security awareness training. If your organisation doesn’t offer this to you it might be worth suggesting it. 98% of attacks rely on social engineering. Making sure you are educated and know what attempted hacks might look like is the first step to protecting yourself. Contact us to learn more.
How to protect your organisation
If you are a company owner reading this, wondering how you can protect your organisation, I can’t stress enough how important it is to train your staff to recognise potential threats. Outsourcing this through a Security Awareness Training service is the quickest and easiest way to get this done.
A small investment now could save you thousands in the long run. It will also protect your company’s reputation. How many articles have you read about companies who lost millions as a result of a hack?
Larger organisations often get the most media attention in these cases, but smaller businesses are just as at risk, if not more. SMEs often have lower defences, which makes them vulnerable. Ensuring you have a proactive IT Partner (if you outsource your IT) and your staff are well trained in security awareness is the best defence you can give yourself.
To learn more about how you can educate your team and protect your business, start a conversation with us.
Or give our account management team a call to learn more on 02036 574 489.