Real protection in a virtual world
This unfortunate victim of cybercrime had successfully made the transition from PA to VA. She’d built up a list of clients, invested in the latest IT to make sure she was fully ‘virtual’ and kept her skills up-to-date.
Shame she didn’t keep her IT security as up-to-date as her skills, then.
It was as simple as not having Windows updates switched to ‘automatic’. Every time Microsoft discovered a vulnerability in its operating system and issued a patch to counter it, our VA’s PC wasn’t downloading it.
That left her open to cyber-attack. And it’s why, when she fired up her computer one morning she found no way of accessing her files and data.
What she found instead was a message her PC was infected with CryptoLocker malware – alongside a ransom demand for £3,500 in bitcoin to restore her files. There was also a threat to double the ransom after three days, and destroy the files entirely after a week.
Our VA panicked a bit. She really didn’t know what to do. To make matters worse, she had a string of tasks to tick off for her clients.
Her first call was to her insurance broker. She’d remembered reading something in her policy documents about getting in touch as soon as she thought there was a problem.
A detailed discussion soon revealed how much of a problem there was, but the situation wasn’t entirely bleak. The VA was fairly scrupulous about backing up her files and everything was already sitting in the cloud. That helped a lot.
Her broker made full use of the insurer’s resources, including bringing in a specialist consultant to help manage the ransom situation.
A decision was made not to pay the ransom. These were criminals, after all, and there was no guarantee they’d release the files if money did change hands.
Cyber criminals have a horrible habit of coming back for more once they know you’re willing to pay up, too. Playing ball is best avoided if possible.
Next step was to put the VA’s PC under forensic investigation to see if the hackers had done further damage or stolen data. In the meantime, her cyber insurance paid for a replacement computer so she could keep on working.
So far, so smooth. The IT experts working with her insurer established the malware the hackers had used wasn’t the type that could also steal data so the VA’s confidential client information was safe.
That meant the IT crew were able simply to clean up the machine, re-install the operating system and software, and restore data from the cloud.
Job done. The PC was as good as new – only this time with Windows Update turned on.
But think what could have happened on another day. Our VA might not have backed up her files just the night before. That could easily have forced her into paying the hacker’s ransom just to get her files back – with no guarantees and a risk the hackers would return.
Plus, what if the files weren’t eventually restored? In that case, she’d have had to confess to her clients she’d lost all the data they’d supplied her with, as well as any work she’d done in the meantime. Not exactly confidence inspiring.
And this is how that could’ve panned out, cost-wise:
- If she’d had to pay the ransom: £3,500.
- If she’d not been able to work for a week while sorting out the mess: day rate of £200 a day x 5
- If she’d lost all her clients because of the disruption and perceived lack of IT security: her annual turnover £22,000.
A lucky escape, then. As it was, our VA’s cyber insurance guaranteed her the help she needed, and her business survived this particular cyber scare pretty much unscathed.