We do not do a lot of cold (or even lukewarm) calling, but on the rare occasion we do, a common response is, “we’ve got a guy. We’re good, thanks.” (It seems like it is always a “guy”.) Okay, maybe you do have a guy. But have you done your homework? Is your guy acting in your best interests? Is he competent? Will he be available in an emergency? Do you even know what questions to ask him to find out these answers?
In our business, continuing education is not optional, and a lot of that education is delivered by webinar. On a recent webinar I attended, the speaker relayed the following horror story about an RV dealership with two locations in BC. I would like to use this as a case study and cautionary tale about the false sense of security that comes from having “a guy”.
This dealership was hit with ransomware in early spring, right before their busy season. They spent a couple of days, with limited access to their computers, trying to contact their “IT guy”. Only through this process did they learn that he was not, in fact, a full-time IT professional, but was a tour guide who had a side hustle setting up computer systems, and he could not be reached because he was on a boat in Southeast Asia at the time.
Now in a panic, the company engaged an external consultant, who came in with a response team and began their process. Unfortunately, their process necessarily took several days. When there is likely to be an insurance claim, there is due diligence that the response team must perform, and it can be lengthy. By the time they were ready to begin remediation, several days had passed since the original incident.
The response team learned that there were backups, but the only backup repository was directly attached to the server and had also been encrypted by the ransomware. With no offsite backup, there was no choice other than to pay the ransom.
At this point, I want to pause and reflect on this poor company’s situation. They had gone nearly a week without computers, engaged an external firm at thousands of dollars per day, and learned that they have no backups and must pay the ransom anyway. That sounds bad, but it gets worse.
Since so many days had passed, the ransom offer had expired and there was no way to reach the attacker. This dealership, with 17 staff and millions of dollars worth of inventory spread across two locations, had to rebuild its entire accounting, customer database, and inventory from nothing.
We do not want to paint every one-man shop with the same brush. Some are dedicated professionals and deserve your business. It is important for you to know how serious your IT provider is about their profession and make sure that you have one who is up to the task of protecting you, and taking care of you if those protections are compromised.
If you read this and wondered if your IT provider is also a tour guide, maybe we should talk.