These are perilous times for business as many are closed down and unsure when they will open again. Some companies are able to have workers function in their homes but this was done so quickly that cybersecurity precautions may not be in place.

We reported Travelex servers were down due to Ransomware on January 2, 2020 and it turns out they were hacked by a group called Sodinokibi, named after the ransomware virus. We published an update from the company’s CEO a few days later. At the time he said, “We regret having to suspend some of our services in order to contain the virus and protect data.” 

The UK foreign exchange company had some of its servers offline for weeks as a result of the attack. They eventually paid the hackers 284 bitcoin or $2.3 million.

According to the Wall Street Journal, this incident led to a spiral – exacerbated by the lack of travel thanks to the Covid-19 Coronavirus pandemic. Investors are now questioning whether Travelex can operate – also due to its financial arrangements.

Travelex parent company Finablr said last month, it is preparing for a collapse.

Companies need to prevent dealing with a hack during this pandemic – the combination of two negative events striking at once could be far more difficult to survive.

Hackers are aware that more workers are home and are probing these networks and computers for weakness. They are looking for new ways to infect corporate assets – servers, computer, whatever they can.

The result of increased hacking activity is more success and more companies dealing with the financial impact of pandemic business stoppage and ransomware or worse.

The easiest way to hack an account is via phishing or sending an email or message to a user which is an imposter. Something that looks like it is coming from their bank or credit card company, etc.

When the user clicks on a link, they could download malware and they could also be entering a user name or password when they click. For example, if the phishing email comes from a bank and asks them to enter their user name and password.

Spear phishing is a more targeted way to get the target to click. Doing a bit of research on a user and then sending them a targeted message is how this is done. Hackers can also determine interest level based on where workers work or live. Sending what appears to be free Cowboys tickets in an email message to people working in Dallas is probably a solid strategy to get a high click rate.

Our experience is a generic phishing message can get a greater than 90% click rate. Our division PHISH360 has a solid track record in phishing simulation.

The reason companies perform such simulations is to train users. By not constantly testing workers, your organization is literally at the mercy of global hackers who ARE constantly sending messages. Training is not perfect, but it is inexpensive and prevents users from making a mistake which can cost a business their future. Eventually, the legal consequences, fines, loss of customers, etc. will sink a company. At a minimum, it will cause all of the above issues and cybersecurity rates to skyrocket.

We are not saying phishing simulation is all you need – cybersecurity is a holistic discipline. It requires technology and know-how. AI-based anomaly detection might have helped catch these breaches early. Obviously, systems need to be patched – firewalls and VPNs configured correctly, etc. Then there is partner software. Sometimes it can have holes in it which hackers are crafty enough to utilize to get into systems. British Airways received their $229 million GDPR fine the same week as Marriott due to web chat software which had a security hole.

Our company Apex Technology Services has a tremendous amount of experience dealing with cybersecurity issues such as these. We have global customers from the Fortune 200 insurance company all the way down to small medical and financial trading companies. Our broad experience has helped our customers stay as secure as possible. There is no foolproof security of course but working with a dedicated team of motivated professionals is the most important part of staying secure. Staff turnover, low morale, poor management, etc., eventually leads to mistakes or at least overlooked issues. For example – forgetting to patch systems which is common to many organizations means companies are more at risk than they know. Many have been breached already and won’t realize it until they are about to make a bank transfer and a hacker impersonates someone and offers their account number – thus stealing the entire transfer.

It is never too early to take cybersecurity seriously. Contact us – we want to help keep you more secure