Yet more than 80% of business owners who we speak with have not considered their risks and/or do not know if anything is being done to mitigate them.
Just prior to writing this copy I was speaking with one of my clients. He was asking me if they are protected against “CryptoWall” (ransomware). The reason for his concern was that an associate company (Name Withheld) had just last week been hit with a serious ransomware virus.
The virus had encrypted all shared network files and also the Server Backups, grinding their business to a halt. Sadly, their IT guy had to recover from an old backup. I imagine this would have impacted heavily on the business and their reputation with clients.
Interestingly, the company he spoke of is a large accounting firm with 30+ accountants. His comment to me was:
“They are a large company, how can this happen? If it can happen to them, surely it can happen to us.”
The bottom line is that this should not have happened to such an extent. It is not always possible to prevent virus attacks. However, you can certainly ensure that the impact is minimised and that Server and Data backups cannot be compromised. Quite simply, their systems were not set up effectively by their IT provider.
Without knowing the specifics of this company, in my opinion the IT provider and the company management are probably both at fault.
The IT provider could and should have done more to ensure the systems could not be so badly compromised.
However, the company management should be taking responsibility for their own risk profile. They should be asking their IT provider the hard questions and making sure that they are in control. You don’t just hand your bank account to your accountant and say “Run my business”, so why would you hand your critical IT systems to someone and say “Run my business”?