“Hundreds of IGA stores held ransom, dozens likely will close forever.”
That headline could happen. Easily.
What would cause it to happen? One single email. An email with an innocuous title, appearing to be from someone you know—an employee, a vendor, your bank, your accountant, your wholesaler, or even me. The key is, it would be an email that you—or any IGA retailer or member of their team—could easily open, and believing it to be a real message, click on an attachment or link that would unleash a virus that would infect your servers, shut your stores down, and hold you hostage. One that would deliver a message promising to lock up your computers, grind your holiday sales to a halt, and cost you hundreds of thousands of dollars.
The sad fact is, cyber thieves are smart and getting smarter. They employ people in our own communities to study American companies, fake internal emails, and trick innocent employees into opening a file, downloading a virus, and setting off a chain of events.
And they sit back and wait for the mayhem. They prey on non-technical companies that don't know the risk of a cyber attack. Right now, they are attacking hospitals and schools, and anyone distracted by the virus. And with a real virus rampaging through the world, they know their digital viruses have never had a better opportunity to catch us off guard.
Just one slip—just one—and the danger is done. Foreign nationals last year hit four independent grocery retailers and extracted almost a million dollars—that I know about. None were IGAs, but as we move into the holidays, knowing our cousins were hit last year, we have to be extra careful.
So, I ask you all, redouble your diligence. Pause and ask yourself these questions BEFORE you click on any links within an email that raises red flags.
Is this someone I regularly do business with?
Are there a lot of people copied who I don’t know?
Does the subject line match the content of the email?
Does the email contain unusually bad grammar, or are there a lot of foreign characters or languages?
Does the link seem suspicious? Hover your cursor over the link without clicking—DO NOT CLICK!—and you will see the actual address. If it doesn’t match the email domain or the company it came from, that’s a huge red flag—don’t click.
And finally, if you are worried and don't have a company IT person of your own, reach out to IGA's director of IT, Ron Gavrilovic, with questions. Ron and other members of the IGA team are in the final stages of development for a formal program that will provide IGA retailers with audit services and solutions to ensure your store is secure from ransomware attacks. That program will roll out in the first quarter of 2021, but in the meantime, if you suspect you opened something you shouldn’t, call Ron. If an incarcerated African diplomat needs you to help him secure his bank account in the U.S., Amazon tells you that a personal account has been hacked via your work email, or you get an email from Mark Batenic asking you to buy gift cards and send them to a mysterious address, STOP. Pause. Reflect. Call Ron. And be safe!