SMEs are also affected by cyberattacks. Two organisations share their stories.

After the cyberattack

SMEs and small organisations also fall victim to cyberattacks. Two impacted companies based in Switzerland talk about the consequences and how they have responded. They also offer tips on how others can better protect themselves.


Felix Keller heads up the Office of the St. Gallen Trade Associations (GSGV). Like every morning, he tried to check his e-mails on his smartphone on that particular Thursday, but the server was unreachable. He notified employees and the external IT company about the problem and made his way to the office in the city centre. Then came the message from the attackers. It was now clear that the office’s entire IT infrastructure, including its backups for the previous two months, had been encrypted by ransomware. It had all begun with a phishing e-mail. ‘My first thought was: why us? This can’t be happening,’ recalls Keller.

Remo Muggli, managing director and co-owner of recruitment agency stewards.ch, also discovered that SMEs and small organisations can be a target for cybercriminals: ‘We were made aware that some of our customer data was available on the darknet.’ Then the search began: was the data genuine? If it was, which system was the source?

Finally, the company found that the data came from a test database. ‘We had never publicly disclosed the address,’ says Muggli. ‘But apparently, the attackers still managed to gain access using an automated scan.’ They then exploited a security loophole in the installed software version. ‘I don’t think we were specifically targeted,’ adds Muggli. ‘We were just caught up in a widespread scan.’

Cleaning up after a cyberattack

In a way, Muggli and his team were fortunate despite the circumstances: the police cybercrime unit was able to have the link to the data removed quickly, and most of the people affected were understanding. This also meant stewards.ch was able to avert reputational damage, which is vital in a trust-based business like human resources management. ‘Things were stressful until we found the source,’ says Muggli. ‘After all, we wanted to notify those affected within a reasonable period of time.’

‘We significantly upgraded our security measures after the ransomware attack.’

Felix Keller, head of the Office of the St. Gallen Trade Associations

In GSGV’s offices, on the other hand, there was a lot of activity over the weekend after the attack: the organisation decided to rebuild its entire IT infrastructure and restore the data from the backups it had to hand. ‘Fortunately, we had outstanding customer invoices on paper,’ recalls Keller. ‘So, at least we had a record of the amounts owed.’ Of course, the recovery process required significant human effort and financial resources.

Additional measures taken

But the office didn’t stop at the new infrastructure. ‘We have invested in a second, physically separate backup and an improved firewall,’ says Keller. ‘We lack the necessary IT expertise, so we evaluated and prioritised the measures together with our IT partner.’

GSGV has also worked to raise awareness amongst employees through training. Employees now report suspicious e-mails to the IT partner, who then checks the content. And although suggestions for improvement mainly come from the IT partner, Keller is clear that responsibility for business operations and thus also for IT security lies with the leadership team: ‘While our IT partner suggests and implements measures, the responsibility rests with us.’

And there has also been a rethink at stewards.ch. Muggli says, ‘We now realise that even “little fish” like us are a target for cybercriminals. And we have to make sure we do not make ourselves easy prey.’

‘Just because you’re not a high-profile target doesn’t mean you’re safe.’

Remo Muggli, managing director of stewards.ch

The recruitment agency has therefore taken additional security measures since the incident. ‘We’ve adapted a number of processes,’ explains Muggli. ‘And we’ve used the security requirements of major IT providers as a guide to define measures for ourselves.’ For example, the company is now using geofencing to block – or at least restrict – access from abroad. And a penetration test is planned to reveal any other potential security loopholes.

The two managing directors are aware that one-off measures are not enough, especially when it comes to raising employee awareness. As Muggli puts it: ‘It’s easy to fall back into old habits.’

Cybersecurity as an ongoing task

Both are aware that they need to review cybersecurity measures on a regular basis in order to prevent future cyberattacks. ‘I’ve a reminder in my calendar to talk to our suppliers and IT partners on a regular basis,’ says Muggli. ‘It’s a small preventative step that can go a long way towards protecting us.’

GSGV is taking a similar approach, emphasises Keller: ‘I check in regularly with our IT partner to see whether the measures are still sufficient or adjustments are needed.’ This approach seems to have helped. To date, neither organisation has recorded another successful cyberattack.


Tips for SMEs on how to protect against cyberattacks

Based on their experience with these cyber incidents, Felix Keller and Remo Muggli would like to offer other SMEs the following actionable, though not exhaustive, recommendations. After all, good preventative security measures – taken before anything happens – can definitely help to ward off cyberattacks:

  • Regularly and promptly update operating systems as well as network devices such as printers
  • Raise employee awareness through suitable measures and IT support
  • Have systems tested by experts, for example by means of an assessment (inventory) or a penetration test (authorised simulated attack)
  • Actively review hosting security options, such as active security measures and retention periods for log files
  • Notify the police in the event of a successful cyberattack
  • Define alternative channels for communication with the board of directors and employees; also set up a neutral e-mail address (that does not identify the company or named individuals) for possible communication with ransomware attackers
