Remember sharing spooky stories around the campfire as a kid? Well, none of them were as terrifying as the horror stories APRO members swapped on October 19 in our webinar, Nightmare on RTO Street: Cybersecurity Tales to Save Your Neck and Your Networks.
Just in time for Halloween, three RTO executives told their hair-raising cautionary tales, and experts gave tips on how to prevent your company from being the next victim.
Dan Singh, CEO of Dial Rent-to-Own, gave a classic example of being “phished” – tricked by an email into giving away sensitive information … and more.
A staffer received an email that appeared to be legitimate and convinced her to provide her password. That allowed the cybercriminal to send deceptive messages to more staffers, leading to a $9,064 payment intended for GE to be instead wired to the fraudster’s account.
“We tried to file fraud charges, but the bank told us there were so many cases, there was just nothing we could do and we wouldn’t get the money back,” Singh said.
“All of this could have been averted if we would have just made some simple phone calls within the office or with GE and verified the information,” Singh said.
Matt Warren, Senior Vice President of RNR Tire Express Franchise, was hit by a more complex scheme that didn’t involve his own network, but still had an electronic component. The thief gained access to his company’s file at the Florida Secretary of State and changed the company’s contact information. She then stole some checks from RNR Tire Express Franchise’s mail and tried to cash them, portraying herself as a company officer.
Thankfully, she was caught, but the legal mess cost his company $100,000.
Now, Warren said, “We go in there [every year] and make sure all the officer information is up to date, and also make sure you can set up specific alerts to when your accounts get changed, so it will go to a [staffer] that you know will be checking their email quite often.”
Singh and Warren got off light, however, compared to the 2019 Christmas Day Surprise suffered by Aaron Windsor, Owner of National TV Sales & Rental.
“I got a call that every single computer in the company has been locked out,” Windsor said.
A “ransomware” attacker, sneaking in via an email sent by a vendor from an unsecured server, had taken control of 130 of National’s computers and demanded $1.4 million to get access to the computers restored.
The total cost ended up being much more.
“The forensic investigators, the lawyers, the insurance, the loss of business … I think we figured up it was just short of $4 million in loss – all because of an email that was unsecured.”
The webinar also brought in experts on protecting company cybernetworks.
Jammy Williams, Director of IT Services for Buddy’s Newco LLC, dba Buddy’s Home Furnishings, told participants they must “embrace waiting” – protection measures like multifactor authentication for all your employees may not be convenient, but having patience may save you millions of dollars.
Eddie Flores, APRO’s Data Analyst, gave good tips on how to create a password that is easy to remember yet complex enough to frustrate hackers.
“Cybersecurity incidents are a matter of ‘when,’ not ‘if,’” warned Dailey Wilson, Senior Associate Attorney at Hudson Cook (the webinar’s lead sponsor). She said companies need to put a prevention program in place and have a response plan ready for when that cyberattack occurs.
Phil Carselowey, co-founder and COO of RTOSmart (also a sponsor), said companies must not be casual about selecting vendors. Grill prospective vendors on the rigor of their cybersecurity practices and learn whether they allow third-party assessments.
Nightmare on RTO Street: Cybersecurity Tales to Save Your Neck and Your Networks was a benefit of APRO membership. Members who missed the webinar may obtain a copy by emailing email@example.com. If you are not yet an APRO member, join today at https://www.rtohq.org/join-apro/.
Read the rest of our Nightmare on RTO Street stories: