2017 Client Data Breach Investigation Write Up

In early 2017 we got a call from a company stating that they had been hacked. We listened to this self-assessment with a bit of skepticism, then went onsite and discovered that they had, in fact, been hacked. The forensic investigation that followed found that over 10,000 credit card numbers had been stolen, simply because the company had not made a basic investment in its own network's security.

We were tasked with making sure this does not happen to them again. What was revealed to us was shocking: the owner's son had been the one handling the IT services. We contacted him and asked whether the basic security requirements had been met:

Anti-Virus? … “No.” Firewall? … “No.” Backups? … “No.” Encryption? … “No.” Windows password? … “No.” Using Chrome or an updated Internet Explorer? … “No.” Up-to-date version of Windows? … “No.”

Now for the two most important questions we asked the client's son:

“What certifications do you have?” and “What insurance do you carry?” The answer to both was “None.”

In this case, having a good anti-virus could have stopped this attack; so could having Chrome, setting an administrator password on Windows XP, or having an enterprise firewall.

I would like you to imagine the cost of not having these simple things, and to think about how simple it could have been to prevent this.