
One of Your Sales Team Just Opened a Dodgy Email Attachment: Here's What Happens Next…

Sanjeev Malhotra, Chief Information Security Officer

The dodgy email attachment is an “executable” that invisibly installs malware (malicious software) onto their PC. Your employee is none the wiser. The malware sits there recording every keystroke. Whilst much of what they type may not be that fascinating, patterns will quickly emerge, enabling hackers to identify valuable information, such as usernames and passwords.

1. Hackers then use that username and password to log on to your network. They browse around the applications and shared drives that your employee has access to. It turns out that your IT team were busy on the day this salesperson joined the team, and they didn’t spend much time limiting access for this particular individual. As a result, the hackers gain access to the on-premise server that runs your finance system. They install some ransomware on that server and then log off.

2. Next morning (the last day of the month) your finance team try to log on – but are blocked – and get a weird message. You receive an email demanding that you pay a large sum in cryptocurrency to regain access to your finance data, otherwise you’ll be locked out indefinitely.

3. You ring your IT team. You ask about back-ups. The silence is deafening.  

You ring your CEO and shareholders to share the news. You have to rebuild your finance system from the last good back-up (taken three months ago). You have to ring customers and suppliers to ask them to help you bring their accounts up to date. It takes three weeks for you to print another invoice and receive cash. It takes three months to generate a P&L and Balance Sheet in which you have confidence.

4. We’re not being overdramatic. This happens every day to a CFO/FD in the UK. The risk is real – and existential.

How TSG Can Help 

We can help you minimise the risk of being hacked – but because the risk cannot be eliminated, we’ll also encourage you to focus on ensuring that you can recover fast. We can, on your behalf: 

  • Deploy and administer Microsoft Entra – this defines who has access to what assets on your network. 
  • Move your finance system to the cloud – where it is much more difficult for hackers to access/corrupt. 
  • Deploy and maintain Microsoft Defender – to identify malware before your salesperson can open it.
  • Deploy and maintain Microsoft Sentinel to monitor activity on your network and identify activity that is suspicious. We can then take the appropriate action – or tell you what you need to do.
  • Deploy, maintain and test backup software that ensures you have a viable backup that is right up to date.
  • Use that backup and deploy a clean system within 24 hours of a successful hack.
  • Help you demonstrate your cyber preparedness through NIST or Cyber Essentials certification.
