Well it had to happen. We were caught by one of those vicious phishing attacks. A simple click on a malicious email set it all in motion. Easy to do but with somewhat dire consequences. It allowed access to the particular email account. Messages and contacts deleted and the malicious email sent to the contacts in that account. It all could have been avoided with some simple measures. I\u2019ll come to that later.<\/p>\n
You see we\u2019re a virtual business – no office (everyone works from home) and everything in the cloud. It\u2019s highly efficient and cost effective. From an IT perspective, however, it\u2019s a bit more difficult to manage as each team member has their own computing environment. I blame myself. I should have been more vigilant and insisted on higher security measures (which I had already implemented in my own home office IT set-up).<\/p>\n
At the end of the experience I received a number of emails congratulating us on how we dealt with the episode, and suggesting that we should write about it. So here\u2019s the article!<\/p>\n
What we did wrong<\/strong><\/p>\n What we did right <\/strong><\/p>\n While some people were understandably upset, most were very understanding and quite a few congratulated us on how we dealt with it.<\/li>\n<\/ol>\n Of course we had a number of the cloud hosting providers who were proactive in letting us know that if we were on their platform such an event wouldn\u2019t have happened due to the tight way they lock down their platforms. That of course is true but it comes at a cost which is not warranted for a business of our size and the applications we use. For most professional service firms, however, such platforms should be considered for a wide variety of reasons including security.<\/p>\n So in addition to wasting a day or so and giving me some additional grey hair we have learnt some valuable lessons. I hope that this note will help you avoid similar trauma.<\/p>\n\n
\n