How would you feel if you realised key company data had been encrypted by cybercriminals? Shock? Rage? Overwhelmed by the recovery process?
Ashleigh Wright, managing director of Westray Recruitment Group, didn’t feel any of these at first. It was only when she started calling the agency’s temporary workers to tell them they would be paid late, only to find uniform sympathy and support, that she ended up in tears.
Her employment agency, established by her mother in 1990, supplies temporary workers across a range of industries, including engineering, automotive, and manufacturing.
At any one time has a couple of hundred people placed with customers around the North East.
Its small office team relies on systems hosted by a service provider. But earlier this year, something strange happened.
“We all went home on the Friday,” she explains, “And over the course of that weekend, one of my colleagues had tried to log into our systems, and she couldn’t.”
Ashleigh tried as well. She was also unsuccessful, but not overly worried. When there had been previous problems logging on, “It’s a quick call to the IT company, and it’s resolved.”
But on the following Monday, no one could access the system, and when a colleague spoke to the IT company, it became clear that they had been victims of a cyber attack.
“I don’t know what that conversation sounded like,” Ashleigh says. “Because it was my finance director who handled it.”
She wasn’t unduly concerned. “It didn’t initially hit me at that moment, because I just thought, I will get back up and running and everything will be fine.”
But once the systems were finally up and running the following Wednesday, it was clear that it had lost three months’ worth of data. On top of that, it emerged that backups hadn’t been carried out as planned. And payday was looming.
“We process our payroll on a weekly basis…we had to reprocess manually three months worth of payroll before we could process that week’s payroll.”
This meant the finance team was working 14-hour days to clear the backlog. But it was obvious that wasn’t going to be enough, and the temps would be paid three days late.
Time to hit the phones
As Ashleigh says, the easy thing would have been to email the affected workers to say that, for the first time in 35 years, pay would be late.
Instead, says Ashleigh, “I made the decision to personally call every single one of our temporary workers to explain that they actually weren’t going to be paid on that Friday.”
Naturally, Ashleigh expected some angry people. She was surprised by the response.
“I was absolutely floored and gobsmacked at the responses from the people I was speaking to,” she says. “They were all so lovely and so understanding, patient, and they were asking me if I was okay.”
So, it was Ashleigh who ended in tears during a few of those conversations. “It really tugged at my heartstrings.”
Meanwhile, Ashleigh and her tech provider were left waiting for a ransomware demand. Which has yet to come.
“If they come to me and say, I want 100 grand, I don’t have 100 grand to give them. We don’t have a bottomless pit of money. So we would need to tread that really carefully and probably get police involved, solicitors.”
Ashleigh thought cyberattackers would only make an effort to target big enterprises that would offer a good potential return.
Ashleigh Wright, managing director of Westray Recruitment Group
“My business is small. I employ 15 people, and I’m based in Gateshead, on an industrial estate. You would not think I would be targeted at all.”
She expects most of her peers will think the same, but “if it’s happened to me, it can and will happen to anyone.”
So Ashleigh has been on a mission to put the “embarrassment” aside and warn her peers that they, too, are potential targets.
“I’ve had multiple conversations with business owners of a similar size to me, some slightly bigger.”
They invariably have minimal protections in place, she says, and have been asking Ashleigh what happened, and what they can do in future to stop the same thing happening to them.
“So from that regard, I feel like, well, my job is done.”
Her IT provider has put additional security measures in place, including two-factor authentication and revamped password procedures.
“All of these things do come at an expense,” she says. She’d rather be investing in developing the business, but accepts she has to divert some funds to protect it.
“Because if something like this were to happen again, we’re not going to have a business to grow anyway.”
