Issue link: https://iconnect007.uberflip.com/i/1267313
48 DESIGN007 MAGAZINE I JULY 2020 covered hardware if there was physical damage, meaning they were rendered useless. We also had another issue with a specific customer. We submitted the invoice onto their system, but with our profile in their system, that's where we submit and place our bank and routing infor- mation. Somebody was able to log into our account and change that bank and pay- ment information so that the vendor started paying to that wrong account. But when we reported it, it took them almost two weeks to even stop sending payments to it and to start a process of fixing the situation. Matties: And how did you discover that was an issue—by receivables not coming in and you were making some calls to inquire? Cormier: Yes. That was the first stage, but we also received an email. One of our accounting people had received an email about an account change. We immediately looked and I told them to change the password on that site. We didn't think any- thing further because it didn't notify us of what changed. That was another thing the hackers didn't have and didn't include in their system. By not knowing what changed, I assumed it was a password situation. We reset passwords and con- tinued business as usual, and then discovered a couple of weeks later when we weren't getting paid that the information had been changed on their system within their profile. Matties: The advice is, when you get an account change notification, don't assume anything. You should email them and verify what's being modified, especially when it's a financial account. Cormier: Right. In most financial accounts, whenever you make changes like that, and you put in your financial information, it gen- erally sends you a confirma- tion saying, "Your financial information was changed." It gives you specifics and time- stamps on when it occurred. In many cases, it will tell you what IP address the change came from. Those are certain things that you think would be a given but weren't in this case, and it has been a long process trying to get intel- ligence information back to make proper inquiries and resolve it. Matties: The question that comes to mind is, "Are these two events connected, or are they isolated and coincidental in timing?" Cormier: They were coincidental in timing. Everything occurred at least a month or two before our ransomware incident. Matties: Good advice. Back to the insurance review, what changes or recommendations would you have people consider when looking at their insurance coverage? Ryder: I would recommend getting a cyberse- curity incident policy. That's what it has to be. And I've heard that some insurance companies are now at a point of not even writing policies like that because your hands are pretty much tied. These people can get into your stuff, and there's no preventing it. But as Eric is pointing out, the policy has to be written specifically to that. Otherwise, your typical business interruption policy is not going to cover these kinds of things. We found out the hard way that business interruption insurance covers natural disasters, such as fire and flood. But even floods become an issue because if you don't have specific flood insur- ance, they may not cover that either. Matties: This is a real out-of-pocket expense for you. Dave Ryder