Back in my early career, the risk of kidnap was fairly low. High net worth individuals and their families were targets, and in some cases airplanes were targets for hi-jack.
In the past several months I’ve heard first-hand stories of companies here in Phoenix who have had their computers and networks taken over by hackers and then received ransom requests. These hackers threaten the destruction of your computer files, loaded software and/or any accessible backups. Some companies respond and pay the ransoms. Some don’t respond and spend countless hours and dollars to try to fend off an attack, or cleanup and restore after the damage is done.
Are you prepared for this? Here are just a few items to consider now:
- Insurance – Are you covered by insurance for all costs related to the attack, including any confidential information that may be considered a reportable event (e.g. the stealing of social security numbers, credit card numbers, etc.)? Do you have the right insurance company and is that company and your broker educating you on what is needed in advance of an attack?
- Prevention – Do you have a fail-safe process (including hardware, software and internal procedures) in place to be able to prevent an attack from happening? Has this process been tested?
- Counting the Cost – Have you evaluated the effect that such an attack would have on the financial condition of your company if you were unable to use your systems for days or weeks?
- A Written Plan – What is the action plan you are going to take from the minute you get the ransom threat forward? Who are you going to call? What is your IT department going to do first? At what point, if any do you call the FBI? Have you prepared a written plan for if and when you are going to respond to the ransom threat? If you are, what are you going to say? Note: Be aware that many insurance companies may recommend that you never respond but take immediate action in the background.
In the event of a threatened attack, there are a number of factors that your company will need to face from a risk management standpoint in addition to those listed above. The financial operations of your company consist of many things other than dollars and cents, cash flows and accounting. Risk exposure should be one of the higher priorities on your CFO’s list of duties. Being aware of current risks and threats, and having plans to deal with them should be a high priority on each business owner’s agenda. Is it on yours?
If any of our 200+ partners across the U.S. help you with building cash flow, increasing the value of your organization and planning for the future (from risk management to exit strategies), please contact us.