Early last year, a local business owner browsed through his emails and clicked a link he shouldn’t have. It looked normal, connecting to what seemed like the official website for one of the office software tools he uses. He tried to log-in, but it didn’t work – that’s because the website was fake, and a thief had just stolen his email log-in information.
For a long time, it seemed like nothing came of the incident. The thief never locked the business owner out of his accounts or tried to coerce money out of him, they simply waited. Biding their time. Then, a year later, the business owner’s contacts started receiving suspicious emails containing strange links or downloads from an address that looked just like his. It set off an alarm bell for the cyber security team at BucherTech, local business IT professionals.
“I knew right away that they had no reason to be sending me DropBox links, so I knew something was up,” said Tim Bucher, President of BucherTech. “Let’s say for example that my email address ends with BucherTechInc.com. What this thief did is swap the capital I for a lowercase l, so it looked exactly like their emails were coming from that business owner’s address. It’s a pretty ingenious way to hack somebody.”
Since the initial security breach happened a year ago, the business was caught completely off guard.
“For these hackers, this is their occupation,” Bucher said. “They’re planting seeds now that they’ll harvest when they see fit. As an IT firm, everyone at our office knew not to click those links, but many of that businesses’ partners might have, and they’re probably getting ransomware as we speak.”
Ransomware can be devastating for a business, with their data being locked away by hackers unless they pay a high ransom. The business owner whose name and address were hijacked to send those ransomware emails might not have had his data stolen, but he is also in a very challenging situation.
“This business has chosen to replace their domain due to the work required to put the genie back in the bottle,” Bucher said. “They might not be out money, but a lot of his friends might be. It’s a big reputation hit, and that comes with a lot of soft costs.”
One simple mistake while browsing led to a cascade of costs for him and his associates. BucherTech specializes in preventing that mistake from being made, and reducing the damage that happens if it is.
They offer training that will improve the browsing habits of a business owner and their employees, letting them recognize that suspicious email before it has a chance to do any harm. They also offer tools like two-factor authentication, which requires you to enter both your password and a code sent to your phone before logging into your accounts.
“The more steps you take to protect yourself, the less chance you’re going to get hacked because hackers go where the easy money is,” Bucher said. “Some businesses are reluctant to add extra steps to their security, because they see the added time as getting in the way of productivity. This business owner did not have enough security, and now they have all kinds of productivity problems. You think you don’t have the time for security until you get hacked – and then you’ve got time for it. While we recommend strong security measures for all clients, not all follow our advice.”
To learn more about BucherTech and how you can protect your business, visit buchertech.com.