What happens when you get infected with malware!
I am often rebuked with comments like “we are too small to be a target” or “we have nothing worth stealing”.
So I thought I would look at a small scenario!
To set the scene, let’s take a micro-business making $200k per year.
That micro-business has 20 clients, 5 suppliers and a number of additional contacts.
That micro-business uses a number of cloud-based services (Xero, Office 365, Infusionsoft) as well as a number of physical devices (laptop, tablet, phone).
Your devices are targeted by a random ransomware attack.
You receive an email that looks legitimate, a text from the post office, a pop-up on your laptop.
The attack does not leave any visible infection indicators, but you are now infected.
In reality, your device is no longer yours.
Let’s now assume that your attacker is someone who knows what they are doing (only about 30% of cybercriminals know what they are doing).
This is where your problems start.
You may no longer have access to your cloud-based services.
Your data and systems are encrypted.
They have stolen your intellectual property (data), they have access to your finances, they have access to your clients and vendors and they have access to your systems.
So although you think you have nothing worth stealing, what you do have, they have stolen it all.
They can use your access to steal money from you.
They can access your data, credentials and services and sell them on the dark/deep web.
They can sell access to your technology.
They can now target your clients with fake emails that come directly from your system.
Your clients now have a problem!
They use the implied trust relationship between you and your clients.
That implied trust allows the criminal to send an email, as you, to your clients to change their payment details to a new bank account with a new phone number for them to confirm.
Or they can email a vendor, as you, and get them to deliver products to another location; guess what, you still get the bill.
They can send your clients and vendors a virus so that they can now target them as well.
They now have access to their clients, and their clients' clients, and so on.
But,
Your family also has a problem!
That implied trust is 10 times more effective when it is a close relative or friend.
Those close relatives could be employees of government departments or multinationals.
You can see the issues with that, surely?
Now you probably think that this is all bull.
We get one or two infected computers into our office every day.
It is so important that you are aware of and have implemented the Essential 8 strategies.
It is so important that you have implemented the basics - firewalls, endpoint protection, awareness training and password hygiene.
Please do not be ignorant and say to me “we are too small to be a target of cybercrime”; it just makes me feel depressed.
Do you want to become a more secure organisation and learn more about cybersecurity? Connect with me, follow me, message me here on LinkedIn or email me at roger.smith@caremit.com.au
[-Oak™] Tech Junky 👻 →IT professional →Storyteller & Writer
2y
A lot of cyber security is routine and continuing education. Takes a dedicated guy for small outfits, definitely needs to be one of the first twenty employees.