You probably understand the immediate damage that inadequate cyber security can do to your organization, but few think about the long-term consequences.
Ransomware attacks can cause data loss, ransom payments, halted operations, and increased costs to fix and make your systems secure (which you should have done before you were hit).
Misconfigured systems may be exploited through an unpatched software vulnerability, leading to a distributed denial of service (DDoS) attack, or infiltrated through a router with a default password.
Untrained or careless employees may click on a link or attachment in a phishing email, allowing hackers access to your network.
All these cyber security events can harm your business by costing money, impacting operations, and harming employees or customers via theft of information.
The less tangible damage, which may cause even more significant harm, is loss of faith.
For a county government, this may mean elected officials are not re-elected.
For a non-profit, this may mean reduced donations.
For a business, this may mean going out of business.
Recently, we worked with a local company that was the victim of a phishing attack. An employee received an email that appeared to be from a legitimate potential vendor with whom they had been in discussions. They opened an attachment that appeared to be a quote. However, it was not. The employee knew immediately that it was a phishing scam.
Next, they realized they were no longer receiving any emails, although they would usually receive numerous emails daily. The attacker had infiltrated the employee’s email. Not only did the attacker gain access to the employee’s address book, but they also set up a rule that forwarded all incoming mail to the attacker.
The attacker then sent emails appearing to come from the employee to those in the address book, including their clients!
The small company had several large corporations as clients. The phishing attack and the new phishing emails that were now sent to the clients caused damage worse than an exfiltration of data or a ransomware attack. The harm was to the good faith of their customers.
Immediately, one of their largest clients ceased all electronic communications with the small company. The larger company’s email server blocked all emails from the smaller company’s domain. This not only hampered communications; email was also how the small company invoiced its clients. Now, they were unable to get paid.
The client then demanded that if the small company wanted to continue doing business with them, they had to obtain cyber security services and provide proof. Trust was lost.
While this seemingly would solve the immediate issue of protecting the small business and appeasing the client, it was not all “forgiven and forgotten.” The relationship has not been restored to its previous level of trust. At this point, it is unknown how long the client will retain the small company’s services. That in itself will have a substantial negative impact. However, it may also damage their reputation with other clients with whom the small company does business, not to mention the client’s hesitation to recommend the business to their peers.
When was the last time you recommended a restaurant with poor service? People are far more likely to share a bad story than a good one.
The answer is to implement cyber security before a client pressures you. With as much time and effort as it takes to land a new customer, you must protect them and their data as much as you protect your business and employees. Otherwise, there will be no business left to protect.
At Commonwealth Sentinel, we can evaluate your existing IT security and work with your team to improve it. We can also provide a complete source of services. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.