PCB007 Magazine

PCB007-July2020

Issue link: https://iconnect007.uberflip.com/i/1269815

16 PCB007 MAGAZINE I JUNE 2020

covered hardware if there was physical damage, meaning they were rendered useless. We also had another issue with a specific customer. We submitted the invoice onto their system, but with our profile in their system, that's where we submit and place our bank and routing information. Somebody was able to log into our account and change that bank and payment information so that the vendor started paying to that wrong account. But when we reported it, it took them almost two weeks to even stop sending payments to it and to start a process of fixing the situation.

Matties: And how did you discover that was an issue—by receivables not coming in and you were making some calls to inquire?

Cormier: Yes. That was the first stage, but we also received an email. One of our accounting people had received an email about an account change. We immediately looked and I told them to change the password on that site. We didn't think anything further because it didn't notify us of what changed. That was another thing the hackers didn't have and didn't include in their system. By not knowing what changed, I assumed it was a password situation. We reset passwords and continued business as usual, and then discovered a couple of weeks later when we weren't getting paid that the information had been changed on their system within their profile.

Matties: The advice is, when you get an account change notification, don't assume anything. You should email them and verify what's being modified, especially when it's a financial account.

Cormier: Right. In most financial accounts, whenever you make changes like that, and you put in your financial information, it generally sends you a confirmation saying, "Your financial information was changed." It gives you specifics and timestamps on when it occurred. In many cases, it will tell you what IP address the change came from. Those are certain things that you think would be a given but weren't in this case, and it has been a long process trying to get intelligence information back to make proper inquiries and resolve it.

Matties: The question that comes to mind is, "Are these two events connected, or are they isolated and coincidental in timing?"

Cormier: They were coincidental in timing. Everything occurred at least a month or two before our ransomware incident.

Matties: Good advice. Back to the insurance review, what changes or recommendations would you have people consider when looking at their insurance coverage?

Ryder: I would recommend getting a cybersecurity incident policy. That's what it has to be. And I've heard that some insurance companies are now at a point of not even writing policies like that because your hands are pretty much tied. These people can get into your stuff, and there's no preventing it. But as Eric is pointing out, the policy has to be written specifically to that. Otherwise, your typical business interruption policy is not going to cover these kinds of things. We found out the hard way that business interruption insurance covers natural disasters, such as fire and flood. But even floods become an issue because if you don't have specific flood insurance, they may not cover that either.

Matties: This is a real out-of-pocket expense for you.

Dave Ryder
