At a glance
A large accounting practice in the North East of England, AccountingCo*, contacted ROCK after a ransomware attack on one of its users' work laptops. As well as securing AccountingCo's* network, ROCK worked with the organisation to build its cyber and technical knowledge through a bespoke awareness and training plan.
The situation
When a senior partner's work laptop was encrypted and the screen displayed a demand for five Bitcoin (approximately £25,000 at the time) in return for decryption, AccountingCo* called ROCK to assist. Fortunately the ransomware had not spread to the main file servers or to any other PCs on site. As is often the case, however, an attacker may keep a dormant foothold, either to launch a second attack if the ransom is paid or to raise the pressure if it isn't, so the wider network could not be assumed clean.
The link had been clicked by a member of staff who did not realise that malware could arrive this way, and on further investigation this turned out to be the view of many staff on site. Many had not changed their password for years, and those who had usually based it on something personal to them, meaning that an attacker using social engineering or basic research on the individual would make short work of it.
With an IT infrastructure that had not been invested in for a number of years, no firm IT policy in place, many staff holding access to software and passwords they did not need, and a struggling internal IT team, there were a number of ways in which ROCK could assist.
Recommendations
In a ransomware attack, time is of the essence. ROCK's service desk isolated the infected computer from the network and began securing the rest of the network against further attacks. Once the initial triage was complete, a full vulnerability assessment was carried out; it uncovered a range of security issues and led to the following recommendations:
- An upgraded firewall, and anti-virus on all machines
- A 'zero-trust' access policy rolled out across all staff, removing access that was not needed for each role, with management of the systems moving to ROCK's service team alongside the internal IT administrator
- Multi-factor authentication for all staff accounts and computers, alongside business-grade full-disk encryption
- Mobile Device Management across all company and personal devices that access company information
Most importantly, the infection had begun with a phishing email posing as a supplier. When the link was clicked, a file was downloaded and run, and the ransomware encrypted all of the user's files on the device. We recommended that an intensive cyber security training plan be rolled out across all management and staff, to build their awareness of the threats to their organisation and of how to protect themselves against them.
Staff at AccountingCo* completed short online training courses, lasting no more than 15 minutes, once per week for three months. These were coupled with tests sent out to staff to check their knowledge, with prizes for the top performers to encourage engagement. Alongside this, a simulated phishing campaign, which continues to run monthly, sends out fake phishing emails to lure staff into clicking them. When an employee clicks a simulated phishing email, ROCK notifies management and suggests additional awareness training for that person.
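The follow-up loop described above (monthly simulated phishing, management notified on each click, extra training suggested) can be driven from the campaign's own event log. The script below is an added example written for this page, not ROCK's tooling, and runs on a small constructed event set (hypothetical users and campaign months, not AccountingCo's results). It computes per-campaign click and report rates and produces the escalation list; the threshold of two campaigns for flagging a repeat clicker is an assumption, not something the page specifies.

```python
from collections import defaultdict

# Constructed sample data (hypothetical users/months, not AccountingCo's real
# results): one row per event from two monthly simulated-phishing campaigns.
# action is one of "delivered", "clicked", "reported".
SAMPLE_EVENTS = [
    ("2024-01", "alice", "delivered"),
    ("2024-01", "alice", "reported"),
    ("2024-01", "bob", "delivered"),
    ("2024-01", "bob", "clicked"),
    ("2024-01", "carol", "delivered"),
    ("2024-02", "alice", "delivered"),
    ("2024-02", "bob", "delivered"),
    ("2024-02", "bob", "clicked"),
    ("2024-02", "carol", "delivered"),
    ("2024-02", "carol", "clicked"),
    ("2024-02", "carol", "reported"),
]


def campaign_stats(events):
    """Per-campaign click and report rates, counting each user at most once
    per action so that repeated clicks on one lure do not inflate the rate."""
    per_campaign = defaultdict(lambda: defaultdict(set))
    for campaign, user, action in events:
        per_campaign[campaign][action].add(user)
    stats = {}
    for campaign, actions in sorted(per_campaign.items()):
        delivered = len(actions["delivered"])
        clicked = len(actions["clicked"])
        reported = len(actions["reported"])
        stats[campaign] = {
            "delivered": delivered,
            "clicked": clicked,
            "reported": reported,
            "click_rate": round(clicked / delivered, 3) if delivered else 0.0,
            "report_rate": round(reported / delivered, 3) if delivered else 0.0,
        }
    return stats


def escalations(events, repeat_threshold=2):
    """Every user who clicked a lure, with the follow-up the case study
    describes (notify management, suggest additional training). Users who
    clicked in `repeat_threshold` or more campaigns are flagged as repeat
    clickers; the threshold value is an assumption for this example."""
    clicks = defaultdict(set)
    reports = defaultdict(set)
    for campaign, user, action in events:
        if action == "clicked":
            clicks[user].add(campaign)
        elif action == "reported":
            reports[user].add(campaign)
    result = []
    for user in sorted(clicks):
        campaigns = sorted(clicks[user])
        result.append({
            "user": user,
            "clicked_in": campaigns,
            # Clicking and then reporting is still a click, but worth recording:
            # it shows the training is starting to take hold.
            "reported_after_click": sorted(clicks[user] & reports[user]),
            "repeat_clicker": len(campaigns) >= repeat_threshold,
            "actions": ["notify management", "suggest additional awareness training"],
        })
    return result


if __name__ == "__main__":
    for campaign, s in campaign_stats(SAMPLE_EVENTS).items():
        print(f"{campaign}: {s['clicked']}/{s['delivered']} clicked "
              f"({s['click_rate']:.1%}), {s['report_rate']:.1%} reported")
    for e in escalations(SAMPLE_EVENTS):
        flag = " [REPEAT]" if e["repeat_clicker"] else ""
        print(f"{e['user']}{flag}: clicked in {e['clicked_in']} -> {', '.join(e['actions'])}")
```

Report rate is worth tracking alongside click rate: a campaign where clicks fall but reports rise is evidence the awareness training is working, whereas a falling click rate alone could simply mean the lure was unconvincing.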
How we helped
- 100% of staff felt confident identifying phishing attacks
- 0 instances of data breaches or ransomware since ROCK's involvement
Outcome
Since implementing ROCK's solution, AccountingCo* staff have praised the training and the focus on cyber security. In a post-project survey, 100% of staff felt confident in identifying phishing emails and the dangerous practices that can lead to cyber attacks. The monthly reports show multiple attempts to access the network, none of which has resulted in a breach at AccountingCo*.
Regular training, especially for new staff joining, and continued simulated phishing campaigns remain in place, leading to a far better protected network and an informed, empowered workforce.
*We value our clients and their right to a confidential consultation. While the name has been altered, the results are real.