We’re starting this article off a little differently, because the topic is so important. This is the story of a rough couple of weeks at GreenLeaf Accounting.
The Phishing Incident at GreenLeaf Accounting
Chapter 1: “A Simple Mistake”
GreenLeaf Accounting, nestled on a typical city block, was humming with daily activity on a late November afternoon when an employee, misled by a cleverly disguised phishing email, clicked on a hazardous link. This action triggered alarms about a potential security breach. Unsure of the effect and seeking to limit potential damage, the company contacted their key service providers. GreenLeaf’s bank, per their procedures, froze GreenLeaf’s accounts as a precautionary measure.
Chapter 2: “Immediate Consequences”
The atmosphere inside GreenLeaf Accounting quickly became tense. Evelyn Green, the head of the firm, faced a challenge unlike any other in her career. The bank’s decision to lock down their accounts to prevent outbound transfers due to the hack meant that even legitimate financial activities were now halted. The investigation into the incident was essential but time-consuming, leaving Evelyn in a state of anxious uncertainty.
Chapter 3: “What Actually Happened?”
In the movies it’s always easy to tell when a computer’s been hacked. The entire monitor screen flashes with a big red warning image. In the real world, it’s not obvious. And it’s even harder when you’re not even sure there was a hack. The process of chasing down transactions takes time, and it’s a lot easier when everything isn’t moving. Disabling everything makes it faster to check all the systems, but it means work stops and payments aren’t flowing.
Chapter 4: “Unforeseen Impact”
A challenge nobody, least of all Evelyn, had considered; it was the end of the month before the holidays. The company normally runs payroll at the end of every month, but having accounts frozen during the investigation means that even though the company knew exactly what every employee should be paid come December first, none of the automated payroll processes were triggering. Delaying or missing payroll even when there was enough money in the bank wasn’t something she’d ever considered could happen.
Chapter 5: “Racing Against Time”
For GreenLeaf Accounting, each day without a resolution was critical. Being cut off from their funds actually wasn’t impacting the firm’s financial health, but it was doing a number on employee morale. Luckily the team investigating the issue finished on December 4. There was no breach. The phishing attack was unsuccessful. Bank accounts unfrozen, GreenLeaf processed payroll as quickly as they could. It was four days late, and they were the longest four days of Evelyn’s career.
Part 2: Three Months Earlier
Chapter 6: “A Missed Opportunity”
Three months before the phishing incident, Evelyn Green, owner of GreenLeaf Accounting, had a routine meeting with her small team. There had been news of another company in town, and the team briefly touched on their own cyber incident response strategy. However, with the daily demands of running a small business, they ended up moving on without setting an action item to follow up.
Chapter 7: “The Road Not Taken”
If GreenLeaf Accounting had taken the time to develop and implement a detailed business continuity plan, the situation they found themselves in could have been drastically different. Here’s what they should have done:
- Secondary Financial Arrangements: Establishing a secondary bank account or a line of credit with different financial institutions could have provided a safety net. This would ensure that, even if one account was frozen, the business would have access to emergency funds to meet critical expenses like payroll.
- In-Person Withdrawal Plan: Setting up a protocol for emergency in-person withdrawals would have been a prudent step. This would involve arranging with the bank beforehand to allow for expedited access to funds in case of a cyber emergency.
- Regular Testing of Business Continuity Plans: It’s not a plan unless you’ve tested it. GreenLeaf should have conducted periodic drills to simulate different types of cyber incidents, including account lockouts, to ensure their response strategies were effective and employees were familiar with the procedures.
- Understanding the Best-Case Scenario: In this scenario, the employee did recognize and report the phishing attempt immediately. Having their accounts frozen during the investigation, while disruptive, was far better than alternatives like ransomware lockdowns or financial theft. Even the best trained workforce can make a mistake. Knowing what to do when the mistake happens is the key, because when it comes to cybersecurity you can’t guarantee prevention
A Cautionary Tale
By not having these measures in place, GreenLeaf found themselves in a precarious situation. It’s a fictional story and company but the scenario and consequences are very real, especially for small businesses that might feel they are less at risk.
Until it happens to them, a lot of business owners have a very unrealistic picture of how things will play out if they fall victim to a cyber attack. Even in a ransomware scenario, they figure they’ll let law enforcement deal with the criminals and their cyber risk insurance will take care of the rest.
But it’s these unusual circumstances that are the ones that cause the most havoc. You can’t run payroll because the accounts are temporarily frozen. If your business was unable to pay staff or vendors for a month, how many of either of them would you still have at the end?
These are questions no business owner should have to consider alone. Arch Access is the trusted cybersecurity partner to help you build and test your Cyber Incident Response and Business Continuity Plans when things are fine, and we’re here 24/7 to help when things go wrong. Contact us at sdeal@archaccess.com to learn more.