Article Read Time
You probably understand the immediate damage that inadequate cyber security can do to your organization, but few think about the long-term consequences.
Ransomware attacks can cause data loss, ransom payments, halted operations, and increased costs to fix and make your systems secure (which you should have done before you were hit).
Misconfigured systems may be exploited through an unpatched software vulnerability, resulting in a distributed denial-of-service (DDoS) attack or infiltration via a router with a default password.
Untrained or careless employees may click on a link or attachment in a phishing email, allowing hackers access to your network.
All these cyber security events can harm your business by costing money, impacting operations, and harming employees or customers via theft of information.
The less tangible damage, which may cause even more significant harm, is loss of faith.
For a county government, a cyber security breach may mean elected officials are not re-elected.
A non-profit a cyber security, may mean reduced donations.
For a business a cyber security, may mean going out of business.
Recently, we worked with a local company that was the victim of a phishing attack. An employee received an email that seemed legitimate from a potential vendor with whom they had been in discussions. They opened an attachment that appeared to be a quote. However, it was not. The employee knew immediately that it was a phishing scam.
Next, they realized they were no longer receiving any emails, despite usually receiving numerous emails daily. The attacker had infiltrated the employee’s email. Not only did the attacker gain access to the employee’s address book, but they also set up a rule that forwarded all incoming mail to the attacker.
The attacker then sent emails appearing to come from the employee to those in the address book, including their clients!
The small company had several large corporations as clients. The phishing attack and the new phishing emails sent to clients caused damage worse than an exfiltration of data or a ransomware attack. The harm was in good faith with their customers.
Immediately, one of their largest clients ceased all electronic communications with the small company. The larger company’s email server blocked all emails from the smaller company’s domain. This not only hampered communications, but it was also how the small company invoices its clients… Now, payments couldn’t be taken.
The client then demanded that if the small company wanted to continue doing business with them, they had to obtain cyber security services and provide proof. Trust was lost.
While this seemingly would solve the immediate issue of protecting the small business and appeasing the client, it was not all “forgiven and forgotten.” The relationship has not been restored to its previous level of trust. At this point, it is unknown how long the client will retain the small company’s services. That in itself will have a substantial negative impact. However, it may also damage their reputation with other clients with whom the small company does business. Not to mention the client’s hesitation to recommend the business to their peers.
When was the last time you recommended a restaurant with poor service? People are far more likely to share a bad story than a good one.
The answer is to implement cyber security before a client pressures you. With as much time and effort as it takes to land a new customer, you must protect them and their data as much as you protect your business and employees. Otherwise, there will be no business left to protect.
At Commonwealth Sentinel, we can assess your existing IT security and collaborate with your team to enhance it. We can also provide a complete source of services. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.
At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things.