Several weeks ago I received a call from a potential client inquiring about implementing security at his workplace.
His workplace turned out to be a facility that was involved in the manufacture of paints and finishes. The business was a family one and what I consider to be well established.
My initial assessment of the computer network at his facility was that it was outdated, meaning using slow equipment. There was no effective network firewall device and all workstations where running in administrative rights mode, so that users could install software and make changes to their workstations. The person who installed and maintained the network was the owner’s son, who worked at the facility part-time in the accounting department.
It may or may not come as a surprise to you, but the above company description is quite common even in a region as populous as Southern California.
After returning to my office I authored an assessment of what I observed and gave guidelines on how to bring the computers and network up to a modern day setup with very little cost, only several $1000 dollars.
Following up with a phone call, the owner of the company informed me that I charged too much and behaved as though I had insulted his son with my recommendations. My key recommendation was to secure his network and make some minor changes in how users interact with their email in preventing them from opening spam and clicking on links.
I placed his assessment aside for follow up in the next quarter in hopes that this small business owner who was obviously intelligent would have given my report some thought.
Two weeks or so went by and I received a call from the same company owner in a panicked and breathless state informing me that he could not go online and that his files and accounting folders where locked and that someone was asking him for money to be able to gain access to his documents.
I arrived at the facility that afternoon and was met by employees milling about in the loading dock area. The owner came out and ushered me into his office, he turned the computer screen around and it was mostly black with red text. In paraphrasing the text it read to open a bit coin account and deposit $50,000 to unlock your files, failure to act in 72 hours will result in a doubling of the money asked. If no response in a week, say goodbye to all of your documents.
The owner asked me what to do and I told him the only option for him was to pay it.
The gist of this story is to try to stay on top of your technology matters by hiring a qualified professional who will give you an assessment and discuss with you changes that should be made. Often times having a person who is not involved in IT on a day-to-day basis is not the best choice to be making IT decisions in your organization.
If you feel the your IT person is charging too much, get a second opinion. In the end you will save yourself a great deal of money and stress and hopefully you wont have a ransomware story to tell to your employees.