by John Ross / president and CEO of IGA
You are under surveillance. Your business, its exact location. And the people watching? They’re planning to steal.
I don’t mean thieves who plan to break in and make off with groceries. These thieves want something infinitely more valuable: data. Once they have it, they can own your systems.
Think I’m being dramatic? All the stories about malicious data hackers from distant lands make it seem like the danger is far away and that a local U.S. grocer is unlikely to be a target.
But the danger is close to home. The thief? A local teenager or adult looking to make extra money. They log on to the dark web and enter one of dozens of “help wanted” sites seeking U.S. agents to install a virus on vulnerable companies’ computers.
What’s the dark web? It’s a collection of websites, just like the normal web, but hidden from normal search engines. It’s a haven for nefarious activity and people who seek anonymous commerce.
Our thief – or entrepreneurial hacker – takes the job and sets to work on the task: getting people at U.S. companies to open and click on email attachments so the attackers can break into and shut down the system, holding the company hostage.
Small- and medium-sized businesses are prime targets because they tend to have little awareness and sloppy or outdated technology. Local businesses don’t think they are at risk – how would some overseas hacker know about a local grocery chain?
The entrepreneurial hacker visits local websites, finds a list of people who work there and creates fake emails that look convincing. They appear to come from a co-worker, complete with company logo and signature line.
“Hey, this is John in customer service. Please look at the letter I got from Bob in purchasing. I don’t think he has the facts straight.”
Our entrepreneur sends the email and waits for the recipients to click on the attachment that isn’t real. It’s actually a virus designed to infect the company systems by loading an encryption routine on company data so only the thief can unlock it.
Once the virus is loaded, our entrepreneur gets paid. They make more money if the hacked company pays a ransom to get its data back. The average ransom amount paid in the United States in these kinds of attacks is $220,000, up more than 40 percent from last year.
How can grocery retailers protect their companies? Two simple measures can go a long way.
Step 1: Audit your technology
Start with a security audit from an outside company. These are inexpensive and quick, and even the most rudimentary audit will reveal gaping holes in your technology, such as out-of-date software.
A good security audit also will recommend ways to protect data. Offsite backup, duplicated data archiving and other techniques cost a little more, but ensure recovery without having to pay a ransom or shut down for weeks.
Step 2: “Pause before you click” training
The best defense is to not click on suspicious attachments. As described above, the thieves are getting smarter, but knowing a few of the red flags can help identify the fakes.
For example, the thieves can make an email look authentic, but the biggest giveaway is the address. It is difficult for them to slip in a valid address, so it will be an unfamiliar one, such as [email protected]
It’s important to remember to slow down and pay attention. Train associates to pause before they click. Viruses often lie in an attachment or a link, mimicking cloud services from Microsoft, Google or Apple.
Ransomware attacks are up 120 percent this year. Thieves are getting smarter because the money is good. And the grocery industry? To the hackers, we look like easy pickings.
Please get smart about this risk. The better prepared you are, the better you can advise your local chamber of commerce, church, school or hospital.