Ruminations

At ElixWare we want to bring you more than just great, affordable software. We want to let you know how and why we do what we do.

Our Ruminations blog will bring you insights into how we got here and some of the things we consider when trying to help you run your business. We hope it gives you a better understanding of how we strive to better serve your needs.

Six Degrees of Kevin Bacon

Six degrees of separation are not always enough

Who You Know
This post is not really about Kevin Bacon, or the many other famous people that I don't know. It's really about relational proximity, but that doesn't make for an interesting title.

Most of you are familiar with the game named after Kevin Bacon. For non-celebrities, the process is referred to as 'Six degrees of separation', where the concept is "any two people on earth can be linked together through six or fewer acquaintances."

Too Close For Comfort
Recently I was a "2" from a company that was the victim of ransomware. Technically I was only a "1" because I have interacted with them directly via email on our client's behalf (so I'm in their enterprise email contacts). But still, twice removed is too close for my comfort.

There's a lot to know about ransomware. Do you know enough to protect your small business?

The victim company, which is a good-sized company (and a subsidiary of a really big company), was down for a little over two weeks (at least). It's tough to know much since they aren't saying a lot about it, but they've appeared in several online articles identifying them as a ransomware victim.

Mind you, I have no information about whether they paid the ransom (I hope not), or what other actions they took. But I would imagine that they followed protocol and replaced every computer (desktop, laptop, and server) in their company. Even network printers should be replaced due to their ability to store drivers and other executable code.

Though some desktops and laptops can be replaced quickly by going to a store or shopping online, a server is another animal entirely. It usually takes several days (often longer) to get a server built to the necessary specifications. Shipping can also take a few days, especially when it involves multiple servers (as is often the case). Waiting can be a very stressful time for management, IT, and everybody else.

This happened right before the holidays, which is when many successful attacks take place due to employee distractions and vacations. Remember that suffering a ransomware attack affects everybody in your small business in a negative way. A ransomware attack also affects your customers (more on that below).

Ready Or Not
There are basically two types of companies out there: those who are ready and those who are not.

Do you have backups that are not connected to your network? Do you have a business continuation plan? Do you have a disaster recovery plan? Do you have cyber insurance? If you answered "Yes" to all these questions, then you may be ready. If you answered "No" to any of them, then you are not.

Being prepared is important and can take a lot of work. But if you don't test your backups or recovery plans regularly, then you may find out the hard way that you did a lot but didn't do enough. Each of these components should be tested annually, and preferably your backups should be tested quarterly.

Many companies have employees with files that are stored on their computer but that aren't backed up or stored on a server. Some of these files are mission-critical for a small business. They can be lost due to a hardware or storage failure, a lost, stolen, or damaged laptop, accidental deletion, and, yes, even ransomware.

Do you use a cloud storage service like Microsoft OneDrive? That's convenient, and even looks like a backup solution, but it is not protected from ransomware.

Supply Chains That Bind
Our client, who is a customer of the ransomware victim, had to switch to interim suppliers for many of the items they sell. Unfortunately, alternatives were not always available, so they had to take almost 1,000 items offline for the duration of the incident. This is always a potential downside of just-in-time inventory.

Some may be thinking that our client should have already had alternative suppliers lined up, as we've covered before. They did. Unfortunately, the ransomware victim is the sole distributor of some of the products our client sells.

Lessons Learned
Fortunately, our client was only affected by some lost sales. That isn't always the case when a supplier is a ransomware victim. We've advised our client regarding what to look out for when it comes to unfamiliar contact from their supplier, and other companies claiming to represent the ransomware victim.

Being on the defensive is always part of being in business, especially for small businesses. That goes up an order of magnitude when it comes to being this close to a ransomware victim.

One degree of separation doesn't seem like much. But sometimes it's just enough to keep your small business from ransomware giving you the business.
