Recently, a catering company owner in Kettering, Ohio started receiving odd emails: a package she ordered from Amazon had been delivered, but she couldn’t remember ordering anything. Following the Amazon incident, she received an email notifying her that her life insurance premiums were increasing. She couldn’t remember any such discussions with her insurance agent.
Then the texts started coming in: the Finkbein-Markle wedding party had yet to receive catering confirmation. And 72 cupcakes were needed for a retirement party she had never booked. Suddenly her life seemed to be a buzz of forgotten bookings and ordering supplies she didn’t remember.
The catering company owner was beginning to question her mental health. But then, an almost equally menacing possibility emerged when other people on her small staff started experiencing similar problems.
This experience taught her the value an MSP can bring to her business. “My husband did our IT. I started out baking cupcakes for my neighbors, and gradually it grew into a business, and now I have a small office and a staff of six,” explains Nancy, who didn’t want her real name used for fear of alienating clients. “He did all the tech basics, and I thought we were fine. I never experienced any problems, and our business has grown; I didn’t think a hacker would be interested in me; I thought they just went after the government.”
But even though Nancy’s business has nothing in common with a government installation or healthcare facility, some of her clients were businesses in those industries. “We cater to a cancer center, and the hackers were trying to use my credentials to get in there somehow,” she says.
The true impact of ATOs
Once her husband began digging into the problem, she became aware that she had been the victim of an account takeover attack (ATO), allowing someone else to act as her. An ATO is a cybercrime where an attacker gains unauthorized access to a victim’s account. Once the attacker has access to the account, they can use it to make unauthorized transactions, such as transferring money, making purchases, or changing account settings. ATOs are an increasingly common form of attack. The statistics are sobering.
From 2019 to 2021, ATOs increased by 307 percent. In 2022, the increase continued, with attacks up 121 percent. “From everything we are seeing this year, I’d expect the increase to be similar,” asserts David Kingsley, a Halifax, Nova Scotia-based cybersecurity analyst.
Nancy also learned another lesson: good cybersecurity often can’t be an afterthought. “My husband thought he was doing all the right things, firewalls and all, and the appeal to me is he was cheap – free! But I paid for it,” Nancy states.
After the incidents, she hired a local MSP to come in and clean up the mess and lock down the catering company’s cybersecurity to prevent future problems. “They’ve been amazing; the peace of mind is worth every penny,” Nancy shares while frosting cupcakes. “The MSP allows me to focus on our baking and customers.”
Nancy says she had never heard of an ATO before and doesn’t want to use the term ever again. “I have enough to remember with recipes and client needs; I want to hire out all the computer stuff, so I don’t have to think about it.”
Nancy’s story illustrates how an ATO can happen to anyone with a vulnerability in their security. “My passwords were horrible, and my husband should have caught that. Our MSP stays on top of that now,” Nancy notes.
It all comes down to basic cyber hygiene
Kingsley offers her advice that she wishes she had taken a long time ago. “Have strong passwords and don’t reuse them. A strong password is at least 12 characters long and includes a mix of uppercase and lowercase letters, numbers, and symbols,” he advises, adding that you should have different strong passwords for other accounts.
“All of my passwords were cupcake123,” Nancy grimaces. “Now, none of them are, I can’t even remember what they are, but the MSP has set me up with a password manager.”
Kingsley points out that the MSP is taking the right approach. “Often for the smallest of businesses, just the basics, the fundamentals can reduce the chance of attack by 90 percent or more. Small businesses are a huge opportunity for MSPs.”
Kingsley further explains that despite the skyrocketing numbers, protection against ATOs comes down to basic cyber hygiene. “Enable multi-factor authentication (MFA). MFA adds an extra layer of security by requiring you to provide a second factor. That is especially important to ward off an ATO.”
Kingsley warns that MSPs should teach small business owners like Nancy to be careful about what links and attachments are opened. “A well-placed phishing email can spell success for a hacker.”
This post originally appeared on Smarter MSP.