A Sophisticated Hack

Visit Website View Our Posts

As cybersecurity evangelists for small and medium businesses (SMBs), we are constantly producing content, messaging, and webinars on the subject,endlessly trying to convince business owners that they’re at risk of cyber criminals taking money from their bank accounts. 

But when we speak about the risks to businesses, it always sounds so abstract. To most, cyber thefts are like trees falling in the middle of the forest—if no one is there to hear it, did it really happen? 

Rather than referring to random incidents or crime statistics on government websites, we decided to tell the story of a small business who got hacked at the end of last year. We thank their management team for allowing us to produce this article for the benefit of SMBs everywhere.

The QuickBooks Invasion 

Just like any other payday, Preston Sauer logged in to his QuickBooks online account to pay his employees. As always, the process to generate electronic payments, associated reports and emails was simple and straightforward. Except it didn't work this time. Instead of getting the typical verification screens, he got an error message asking him to call a QB support number.

As we all know, connecting to a technology support call center is about as fun as removing a wisdom tooth: painful and time-consuming. Not surprisingly it took a few days to navigate to the right people at QBs after escalating through layers of technical and user support to the fraud prevention department.

Once connected to the fraud team, Preston was told that the internal security auditors had stopped two suspicious $30K outbound payments and tried repeatedly to contact him about it. Preston never received these messages because the hackers had changed his email addresses and phone numbers on his account. Not only did the criminals try to electronically steal funds, they also hoped to control his account moving forward.


The Hack that Keeps Going and Going…

The QBs fraud team helped get the account information restored to valid contacts. Other than dealing with the hassle of the manual calculation and issuing of checks, all involved believed the incident was behind them. Life would move on…right? Wrong!

A few days later, the QBs fraud team suspended the account again from generating ACH payments. Another attempt was made to steal money. This is common in our experience with cyber criminals… they always try again. With help from the fraud team, the account information was restored again. 

After putting additional security measures in place with two factor authentication set up for both Office 365 email accounts and the accounting system, Preston was alerted that the criminals had tried a third time to break into the accounting system without success. It was obvious they would keep trying.

Once the immediate threat was eliminated, I asked Preston about his impressions of the sequence of events and the impact on his business.

In Preston’s Words 

“I always thought that small businesses were flying under the radar, and that only large organizations would be targeted. Because we’re small it never seemed like it would be worthwhile for criminals to bother with us. But after talking to you guys at CIS, I realize how advanced they are, and how non-advanced we were. We were wide open easy pickings. Until we were hit, I had heard of cybercrime, but thought it was just insurance people trying to sell you more coverage. I wondered how slim the odds were for something like that happening. Now I wonder why it doesn’t happen more often because I’m sure many businesses out there aren't even as protected as we were.”

“It made me realize how much of our information is vulnerable, but having the right infrastructure in place allows you to conduct business safely. Even though it may add some extra costs, the protection is totally worth it.”

“We could never afford to have people internally who would have the knowledge needed for cybersecurity; having third-party experts available allows us to have the protection we need. By partnering with CIS we feel like our banking accounts are safe and our customers' information is protected as well.”

Preston immediately hired CIS for a network security assessment and remediation plan. The plan includes technical changes and changes in security policies for the administrative staff who can be surprisingly resistant to new processes, especially with password policies.


A Happy Ending for Everyone (Except the Hacker) 

I asked Preston how his people were reacting to the aftermath of the security incident and whether they were onboard with the changes. Their reaction was immediately positive. Evidently, the management before Preston had been lackluster with customer credit card information which led to exposure incidents in the past. No longer is this a worry.

I also asked Preston about how his impression of cyber-crime and small businesses has changed. I liked what he had to say.

“When I first realized a criminal had broken into our bank through our system, I was worried that clients would see this as a negative against our company. But with the help of CIS, I now see this as a positive investment in our business. Just like any other improvements we do, we are happy to announce to our customer base the investment we’re making in our technology to keep them safe—whether it is their personal information, their credit card information, or their Wi-Fi connection in our waiting lounge.”

The moral of the story here for all my ERP warriors is without the proper security for your ERP, and the solutions you use to streamline your processes your company is in danger. Lurking at every corner is a hacker waiting for a way in. The slightest mishap resulting from human error or otherwise can leave you scrambling like Preston. 

If you would like to learn more about this story and how you can be proactive with Reporting Central's parent company Custom Information Services Trust But Verify model, sign up for a Vulnerability Assessment here.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Show Buttons
Hide Buttons