There are times when you think you’ve done everything possible to prevent a disaster – but it still happens regardless.
Unfortunately, the aftermath of that disaster is something our team sees time and time again when a business has been the victim of a cyber attack.
This is what happened to a recent client, an architecture and interior design company in London.
Big Budgets = Big Risk!
With international offices dealing with clients who have big budgets, projects can often run into the hundreds of thousands of pounds. Unfortunately, this is also a perfect stomping ground for hackers to do their work.
In this case, hackers were able to infiltrate the IT systems and gain data about the clients, including their emails. They then sent an email ‘from the architect’ asking for payment of the client’s account. These emails were convincing in both style and tone, and quickly persuaded the recipients that the request had come from the architect himself.
To make the deception even more convincing, the hacker then followed up the email with a telephone call, pretending to be the architect. They also dared to chase the clients for the money! Unfortunately, two clients were convinced by these attempts and paid substantial amounts of money into the criminal’s fake bank account.
The penny drops
The red flag came when one of the clients had an alert from the bank when processing their payment. It was at that point that it occurred to them that the email and subsequent call did not come from the architect.
Call in the experts
The insurance company that was dealing with the incident kindly recommended that our team take a look by means of an audit. We were able to undertake a thorough inspection of the Office 365 tenancy to see where the company was vulnerable. A lot of preventative measures were already in place, including 2FA (2-Factor Authentication).
However, it transpired that even though the email system had 2FA configured, not every email user had it switched on, and it was this issue that allowed the cyber-criminals access.
Thankfully, the clients involved were covered by insurance, but a situation like this can take months to remedy. All the while, payments to the correct people are not being made, causing inconvenience and upset.
The purpose of an audit is to check that everything possible is in place to prevent a hacker from causing damage. In this case, almost every box was ticked; however, one element was missing, which gave the criminal an avenue into the system and the ability to cause disruption.
All boxes ticked?
Are all your systems safely protected against acts of cyber-crime? You may think everything is secure, but wouldn’t it be better to have peace of mind and know it’s safe? Our team will work remotely to look at your systems and gather information with minimal disruption to your day-to-day business. Why not see how we can help you… before the cyber-criminals help themselves!