It was a Monday morning in April – I’ll never forget it. I arrived at the office to find all systems down. Russian hackers were holding our data files and computer systems for ransom. All the years of blood, sweat and tears that I had poured into this business flashed before me. I saw this as the moment that would end my business…
Casey Galloway: Although this sounds like scene from a cyber-crime thriller, it’s a true story. I recently sat down with my client, the owner of a printing and mailing services company, to talk about a data breach they experienced and what they learned. As the owner of a small Montana business, they never dreamed their business could be the victim of a ransomware attack. What follows is a Q&A account of the aftermath and their advice to other business owners facing similar threats:
So after you recovered from the shock of the attack, what did you do next?
My Chief IT manager ran the usual IT fixes of unplugging the network and turning off the computer and restarting it. Nothing worked. My next call went to PayneWest. You gave us the hotline phone number to be used in the event of a data breach. I swear to you – in less than one hour we got a call back from a law firm specializing in cyber liability issues. They immediately got their team involved and then brought in a cyber security firm specializing in Ransomware.
After the cyber response team stepped in, how did the next 48 hours look in response to the attack?
Arranged a payment. We had legal and cyber experts assisting us every step of the way. They contacted the hackers and negotiated a settlement. They arranged for payment in Bitcoin but only after verifying and testing the ‘unlock’ code from the hackers. We would not have known what to do if we had been attempting to negotiate a settlement without them!
Tested our systems. The cyber team tested our system and had us up and running in less than 48 hours. Although we were back to work we still had to understand how the breach had happened and what we needed to do to fix it.
Assessed the damage. We had to create a backup copy of our entire system for the last 20 years. We sent it to the cyber firm and they audited the system to determine whether or not any confidential data had been breached. They provided a thorough and professional report that included all recommended fixes to improve the security of our system.
Verification of sensitive data. The cyber team determined no confidential information had been breached so we were not required to notify any parties. Then the legal team issued an opinion of counsel verifying the cyber team’s report. The total cost for all these fees was over $50,000. The cost would have been drastically more had any confidential information been breached.
Looking back, is there anything you could have done to prevent the breach from happening?
We could have hired an outside IT firm to do daily or weekly audits but quite frankly, even then, it could have eventually happened. Any system can be breached. We figured being a small firm in Montana meant we wouldn’t be targeted. Ha! It wouldn’t matter if we were in Timbuctoo – everyone is vulnerable.
Any words of advice for other business owners?
Every dollar I paid for cyber liability insurance – I would have paid double. The insurance is invaluable. I likely could not have recovered if I didn’t have the insurance in place.
One last question: Despite recommendations, it took you several years to come around to cyber insurance. How has this experience changed your perspective on cyber protection?
You’ve been my insurance agent for over ten years now. I realized that after two years in a row of you recommending this coverage it likely wasn’t going to go away! So, I grudgingly paid the premium every year without truly believing something like this could happen to me. I’m just so thankful we had cyber liability insurance on that day.