About 18 months ago, a TRSA member with multiple locations began noticing a slowdown in email service. Although the system was functional, something didn’t seem right. Then one morning, an employee saw signs of hacking. The company knew they had a problem.
“Our people were pretty cognizant that something was just not right,” the company president said. “We had been communicating with our IT (information technology) department, saying, ‘Hey, we got something going on here. But the net effect was, early one morning, someone opened up their screen, and they saw something funny. They quickly contacted IT, and within 30 minutes, if not less, the IT department had already shut down our system. We had a pretty good protocol and literally unplugged all our computers. We were pretty violently attacked.”
Computer hacking can take many forms. But anyone engaged in this criminal enterprise aims to steal and/or ransom your company’s data. Textile Services magazine’s March cover article, titled “Defending Your Data – Shielding Your Sensitive Info from Cybercriminals,” addresses a range of issues associated with this topic.
Looking back, the company was fortunate that their IT team and outside advisers had stored data and dispersed it among multiple servers. For example, route-accounting information was managed through a separate internal software system that wasn’t affected by the hacking incident. Other data was stored. “The good news was, we had some pretty good backups. We had an IT partner we had already been working with, and we had a pretty good protocol of backing up.” By using different systems, the company limited access to its data. “We use some different software and still, frankly, believe in the IBM system approach versus other types of systems. Therefore, the attack only affected part of our business, our customer communications, but the net effect was that it really knocked us out for about a week.” The hackers primarily targeted emails from the company’s staff. Consequently, the company had to establish new protocols for its email program. They archived older emails but scrutinized recent ones to avoid any that were corrupted. “We learned a lot of lessons where we thought we had done all the right things and checked all the right boxes and thought we were ahead of it, and then learned there was a lot more that we didn’t know or some ‘back doors.’”
A related concern was that new hires weren’t receiving sufficient training to watch for dangerous emails. This spurred a policy change that the company hopes will protect the company from future incidents. “The big thing is we started campaigns that anyone that comes on board the company that gets an e-mail has to go through scam training,” the company’s president said. “And then we contract with an outside company, and they send scam emails all the time to those people. And if they don’t mark it as ‘phishing’ or a scam, then they have to go back through a tutorial.”
While it cost the company time and resources to review a week’s worth of emails as part of the hacking investigation, the company recovered virtually all its data. “We have multiple sites and backups for all of our systems and because of that, we were able to basically go back in time, cleanse and figure out when they had access, cleanse everything, and then go right back and reload. We cleansed a week’s worth of data. …We were very fortunate not to have had to pay a ransom.”
Outside specialists helped simplify the recovery process after the incident, he said. “We did have to pay third-party people to come in and help us,” he said, noting that the technicians worked remotely as well as on site. “That was also a big lesson is having these third-party people that you work with readily available.”
Since the July 2024 incident, the company has beefed up its cybersecurity systems. “The biggest thing was we upgraded all our firewalls,” he said, noting that existing plans for upgrades were accelerated following the incident. The system now includes sensor capabilities that monitor for any attempts to hack into the company’s data. In the near term, the company also plans to conduct regular “penetration tests” to identify weaknesses in the system.
Photo Credit: Max Taylor Photography Inc.
Sign Up For Our Newsletter
Receive the latest updates on the linen, uniform and facility services industry from TRSA delivered straight to your inbox.
