Issue:June 2016

EXTERNAL DELIVERY – The Big Hack Attack


About 2 weeks ago, I read a book on hackers and the damage they can do to a business. The author said two things that really made an impression on me. The first is that it is not a matter of IF your business is going to be hacked but WHEN your business is going to be hacked. The second thing he said was that the vast majority of businesses in the US do not have any plans for what to do if they are hacked.

In the event that you are hacked, do you know what to do, who should be involved, and who is in charge? Do you have a Disaster Recovery Plan and a Business Continuation Plan? If your answer is no, then please read on.

Let’s look at a hypothetical company by the name of ABC Company that is hacked. On May 1, one of the IT people, who is working overnight, discovers that the company website is acting strangely. Every 3 seconds the company receives an email with an Emoji on the subject line and nothing else. This is critical because the company conducts all of its business through its website.

The CIO (Chief Information Officer) was away on a business trip but was contacted in the middle of the night at her hotel and apprised of the situation by the IT person. The CIO asked the person in IT if he knew where the book was with the company emergency procedures for this type of situation.

The IT person answered that he did not but maybe the head of IT did. The CIO told him to get in touch with her ASAP. The IT person answered that he could not because she was on vacation and he did not know where.

The CIO began making phone calls to the CEO, COO, VP of Operations, VP of Sales and Marketing, the Director of Communications, and other key people to schedule a conference call to discuss an action plan within the hour. That conference call took more than 2 hours to put together, and when it finally took place, it was a waste of time.

Because there was no plan, everyone had his or her own opinion as to what to do, and the dysfunctional conference call ended with no decision. So they just pulled the plug on the website and put up an “under construction” notice in its place.

Had the ABC Company developed Disaster Recovery and Business Continuation Plans, the company would have known exactly what to do, who was to do what, who was in charge, and where the employees should relocate to if their building was inhabitable or there was no power there.

The point of this article is to make you aware of the strong possibility that your company will be hacked and when that happens, you should be well planned out as to how to keep your company running while the problem is fixed.

To view this issue and all back issues online, please visit www.drug-dev.com.

John A. Bermingham is former Executive Vice President & COO of 1st Light Energy& Conservation Lighting, Inc. and former Co-President and COO of AgraTech, a biotech enterprise. He was also President & CEO of Cord Crafts, LLC; President & CEO of Alco Consumer Products, Inc., Lang Holdings, Inc., and President, Chairman, and CEO of Ampad, all of which he turned around and successfully sold. With more than 20 years of turnaround experience, he also held the positions of Chairman, President, and CEO of Centis, Inc., Smith Corona Corporation, and Rolodex Corporation as well as turning around several business units of AT&T Consumer Products Group and served as the EVP of the Electronics Group, and President of the Magnetic Products Group, Sony Corporation of America.