Being vulnerable online can open the door for hackers. However, being vulnerable by sharing experiences and lessons learned can help others respond and even avoid a similar situation.
Two of the panelists at the Better Business Bureau’s recent Cybersecurity event shared their stories for that exact reason.
“I hate the ‘not if, but when’ phrase, but there’s some truth to it,” said Sanford Health Executive Director of Technology Services Brad Reimer.
Sanford Health experienced an attempted ransomware attack over the summer. He said it was an incident, not a breach, because his teams were ready to respond.
“Our success had to do with preparedness and leadership discussions,” he said. “We had the technology, the people, the tools, the training, great partners — and it still happened.”
The Sanford team used its incident command process, most recently activated for the COVID-19 pandemic’s spread of the Delta variant. The ability to pull leaders together for real-time communication proved critical, he said.
“It made a difference for us in the first couple days of how to respond and what we’d be doing,” Reimer said.
Sanford’s IT team had been keeping an eye on other healthcare systems making the news for experiencing breaches and, specifically, how those breaches affected patient care. Some went offline for 30 to 45 days, had to stop treatments or divert patients.
“Because we talked about ‘what-if’ scenarios, they (the incident command team) were primed to make decisions,” he said. “We had top leadership engaged right away.”
At that point, he says, it’s not an IT game – it’s an organizational and operational game, and it’s a race against the clock.
“In ransomware, hours are golden. It can spread so fast. Quick decisions are critical,” he said. “I venture you can only do that if you do the work ahead of time.”
Korena Keys, CEO of KeyMedia Solutions, has also done the work to prepare for a cybersecurity incident. She’s gone through cybersecurity training, worked with SDN Communications on testing her company’s systems, and her IT person has an advanced degree in securities programming.
“I shouldn’t be here today,” Keys told the audience. “But if it can happen to me, it can happen to anyone.”
In her case, it’s important to note she also has credit monitoring and identity theft monitoring.
In January, she found out her digital media firm was responsible for payments on a $150,000 loan awarded as part of federal COVID relief efforts. But she never applied for the loan. Someone had stolen her personal information and done it for her.
“When all the federal funding came out, fraudsters found easy access to money,” she said. “All you had to do was fill out a form and virtually confirm your identity, and you got funded.”
But it was much harder for her to unravel. She discovered her social security number, company employer identification number and company’s legal name were all used on the fraudulent application. The address, phone number and bank account were not correct, but they were close enough to pass a quick inspection.
Rather than hide the situation, Keys chose to reach out to others in her network about her stolen information. In talking with a CEO group, approximately one-third replied that they, too, had some sort of breach from a falsely filed application or credit report pulled.
“This is something people need to know about. Business owners need to be aware and need to check,” she said.
It took Keys nine months to resolve the issue and about 80 hours of tracking down information, filing reports and communicating to her staff and clients what was happening. Ultimately, she was not held liable for the payments.
“I know it can happen to just about anyone. As much as we try to do everything right, there still is a lot of risk,” Keys said.
She encourages people to use credit monitoring and ID monitoring systems and to freeze credit at the four nationwide consumer reporting agencies so no one has access to it. She also pays for ID theft protection for her KeyMedia Solutions employees as a benefit.
“Once the information is out there, it’s held for a lot of money,” she said. “Make sure you have protection and a process in place so you can recover quickly.”
Reimer’s advice included a comprehensive list of questions organizations should ask themselves before a cyber incident to help decisions come faster. They include:
- What’s most important to your organization?
- Which systems could or should you isolate as soon as possible in an incident?
- Who can and will make decisions?
- Would you pay a ransom? If so, how much? How much could you afford?
- Look through the details of your cybersecurity policy. The insurance company’s interests may not be aligned with yours.
“It’s worth spending the time up front and having those conversations,” Reimer said.
Get Reimer’s full list and hear Keys’ full story in the Better Business Bureau’s event video below. Katie Shuck of the South Dakota Fusion Center also shares five steps to secure yourself against ransomware and Theron McChesney with SDN Communications lays out the local cyber threat landscape for businesses.
SDN Communications is a sponsor of the BBB's annual Cybersecurity seminar. In addition to direct internet access services, the broadband company offers cybersecurity mitigation services including Managed DDoS Protection and Managed Firewalls for businesses and organizations across South Dakota and throughout the region.