OH NO!! I've Been Burgled!

Posted February 16, 2021

It’s 8 am, you get to the office and your front door has been kicked in. ‘I’ve Been Burgled’. Strange, you walk into your office and there are dirty footprints. You check the safe, it’s still locked. The TV is still on the wall, the computers are still on the desks. You call the police, the insurance company and start getting things back to normal. The staff come in and start trying to log in, but the machines are telling you that there is no server attached.

Your heart sinks. You finally realise what is missing. Your server has been taken. All of your data, programs, work details and project files are gone. The staff cannot operate, as their computers won't function without that data. Your insurance company arrives and says that the lock on the door was not up to standard and your alarm was not working. You realise that you have let these things slip because you didn't think it would happen to you. What did you have that thieves wanted?

Your head in your hands, you get an email on your phone. £20,000 gets your server back. It takes you all of 1 hour; you click the link and pay the money. 3 hours later, your server is delivered by a man in a van. He is not involved; he has just been tasked with delivering this piece of equipment back.

You plug it back in and you are working by the end of the day. What has the loss cost you? It has cost you a day's labour for your 10 office staff, plus the day of IT support in your office; let's say £3000 for the day for those two. £20,000 for the ransom. £2000 for a new door (which you are haggling over and reduce the cost down from £2500, by not having the latest locks and not the hardiest of doors). Your insurance premium has gone up by £1000 because you have been targeted (you see this as unfair), and you have the fee for the cleaner coming in to remove the dirty footprints.

By the end of the day, you are up and running and think it is probably going to take a week to get caught up, plus 3 months to recoup the £26,250 you have had to spend. You go home happy.

The next morning, you get to the office and the door has been kicked in… I've Been Burgled…

This is an all-too-familiar story, but it is less likely to be a door and more likely to be someone opening an email and clicking a link. Anti-virus is like the door lock: it does a job, but it is not doing everything it should be doing, not to the standards required. Once the ransomware is in, it can sit and wait days or months before activating. You won't even be aware it is in. Once it 'goes live' it will stop access to your data. You will get your IT support in, charging you a high hourly rate to try and get access.

But you don't have a backup to restore from, so you currently have two options. One is to start all over again and pay £15,000 for a new server, time, and programs. You won't have your data back but you will be able to operate. The other option is to pay the ransom of £20,000. You opt to pay the ransom and get your data back.

But have you solved the problem? You can spend £10,000 with your IT support, but before they can find the problem, the files start to lock again. You also have the ICO knocking at the door, informing you of a fine for a data breach and an investigation into how you have protected yourself. You contact your insurer, who informs you that you didn't want to take the cyber insurance as it was too costly. You turn and blame your IT support, who shrugs their shoulders and says:

'We had a conversation 3 months ago. I advised that you needed more protection and should be implementing backups. I put a proposal to you, but you didn't want to pay £xxxx per month for the service. It is not our fault; we are employed by you to do what you ask us to do, which is what we have done.'

You suddenly have a lightbulb moment and go to log in to the cloud-based platform you use; a lot of the data is there. You can't get in. The hacker has locked you out of the account and changed the details. The provider is now having an issue with their service, and they start legal action against you to recover costs. The for-sale sign ends up hanging over the door.

This may seem a little far-fetched, but it has happened. As a company, we have had the phone call to say a company has been hit with an attack; the MD's reaction was 'How much is it? I'll just pay it.' That was not an option in the end, and the data was recovered to a point and the issue resolved, but it cost almost as much as the ransom.


The Information Commissioner's Office (ICO) was set up to govern our data and breaches. All businesses have to register with them, and if they have any kind of breach the ICO has the power to impose fines. They work with businesses and the general public on anything to do with their data, from having it removed from a list to having it corrected. This is everything from names on a piece of paper, to CRMs, to CCTV footage. The ICO sees Cyber Essentials as a good step towards GDPR. If you believe you are GDPR compliant but are doing Cyber Essentials, even if you are certified, you will not be covered.

 
