Only you can prevent forest fires. More specifically, your employees. They're the most likely source of an intrusion. They need need awareness against mass emails, fake websites, spear-phishing attempts, etc. We usually do bi-annual training. Another weak link can be your clients. Do you have any system for confirming changes to payment instructions?

No. Maybe. But almost certainly no. Anyone who says otherwise is trying to take your money. What we can do is provide you with the emotional closure from knowing that you do not fall into one of the very limited and rare circumstances where something can be done. We can also help you collect the kind of evidence law enforcement needs for a related investigation.

Most general liability policies exclude cyber-attacks. So the question really becomes, “did I get cyber-attack insurance to cover this?” And be sure to let your insurer know there was a potential attack and ask them to cover your related expenses - in case you need to set up a bad faith claim.

Here are some questions to help you. Are you expecting this email? Have you received email from this person before? Are you looking at the actual email address, not the short-name? Is this email strangely insistent that you perform an action on a tight deadline? Did this email point you to a website that asked you to log in? Do you know how to answer these quesitons? Do your employees?

Your employees must hate you. We bet half your employee's have this month's password on a sticky note at their workstation. How many of those face a window? And if the password was "StrawberyShortcake1" last month, we bet it's "StrawberyShortcake2" this month. That firewall is great ... as long as none of your employees work remotely. That VPN should help you avoid some unwanted marketing. It won't keep your employees from wiring money in response to a spear-phishing attack.

That's why you need to hire us; the earlier the better.