In the midst of the pandemic and a busy holiday season, Wright Global Graphics faced something no company wants to experience — a data breach. Greg Wright shares his experience with the hope it will encourage industry members to be aware and prepared.
By Greg Wright | Photography by Chris English/Tigermoth Creative
On the Friday before Thanksgiving, something we never truly expected to happen to our company, happened — our company experienced a data breach.
I was working from home and got the news that a virus had gotten into our system. As with most companies today, we had very good security protocols in place so, at first, it didn’t sink in. But as the day wore on, I kept hearing — it’s bigger, it’s bigger, it’s bigger. It was like a horrible slow-motion sequence. By early afternoon, the report from our information technology department was bleak — Ruyk ransomware had gotten into our network, encrypted our files and left ransom notes within the system.
When something this huge happens, you want to react quickly — get it done and move forward — but you can’t. Day one, we were unplugging stuff and trying to mitigate the damage. We ended up having to send people home because without a digital connection, there was nothing they could do. Thankfully, this was the only day we shut down. We came back on Saturday and tried to figure out what to do. It wasn’t until Tuesday that the full impact and weight of what had happened finally hit me. It was going to be a long time before we were fully functional again. It probably was the heaviest stress level I’ve felt in my entire career.
Our motto became “move slow to go fast.” While a tsunami of to-do’s loomed over us, we held it at bay by carefully prioritizing our top three initiatives daily, reprioritizing the next day and the next. Our first call was to our insurance company. We had a solid plan in place in order to respond to such an event, which included cyber insurance. We immediately engaged with Sylint Group Inc., an internationally recognized cybersecurity and digital forensics firm founded by a former National Security Agency military contractor. Sylint did the deep dive into our system and guided us through recovery.
One of the things we learned while working with Sylint is that data compromises are very complex, and no two are alike. Some breaches can be so massive, it can put companies out of business. Specific IT systems can lull us into a false sense of security because breaches are rare, like with the Linux system we had. Luckily, Linux also prohibits crossover, which kept our most sensitive data safe.
Our production flow was not affected by the breach, due to decisions made by a former IT employee 20 years ago when he designed the network. That design itself had barriers to protect the whole system. Because of his design, we were still able to manufacture product and we had access to what I deem is our greatest asset — our art files. Most importantly, we were able to meet our customers’ needs and work. I called that former employee a few weeks later to thank him. He basically kept 200 people employed and kept our business afloat. I will never forget that.
Our core values guided us as we navigated what to do next. For us, our customers come first. I’m proud to say we had a brand mission and brand promise that held our team together in a way I’d never experienced before. Our people used ordinary means to accomplish extraordinary things. They went back to handwritten orders, phone calls and face-to-face meetings. On the afternoon of that first day following our attack, our customer experience manager came into my office to let me know all orders shipped on time — a feat we didn’t think possible, and one that still brings me to tears.
In the days that followed, Jeff Birnbach, partner and managing director of Sylint, worked directly with us and offered his 30 years of investigation and security expertise. Our situation was unusual because the threat actors (hackers) went dark on us, so a decryption code wasn’t available. At the time of our data breach, Sylint was working with 12 companies that had been hacked by the same virus at roughly the same time. Our company was the only one that was able to get back up and running manually. At least two of the companies had to shut their doors.
We learned quite a bit about security. We had good procedures in place to prevent an attack. We used complex passwords and changed them regularly. We had virus protection on all the machines. We did regular backups. But it wasn’t good enough. These days, eight- and 10-character passwords don’t cut it. Cyber experts recommend a minimum of 12-character passwords and two-factor authentication.
Birnbach also told us: “Put your most important things in your sock drawer.” Meaning, take your most precious data and stick it on an external hard drive. If worse comes to worst, you lose a month’s worth of data versus years.
I also suggest having something like what the hotel industry calls an “e-report” that gives you a printout of critical business data at regular intervals, so your company can continue working. Know your insurance policy well. Does it include cyber breach and network security coverage? Birnbach says in the business continuity and disaster recovery landscape, companies consider what to do if a fire or a tornado rips through their building. But they don’t think about what they would do if their internet goes away and their data is suddenly unavailable.
Additionally, Birnbach pointed out that while we all want employees to be customer responsive, the same responsiveness can make them susceptible to phishing. That’s what happened to us. As a printing company, we receive email attachments regularly. This virus came in through a phishing email in August. While we know the point of entry, we never stopped to point a finger of blame. Other than myself, no one else in the company knows who opened the email that opened the door to the hackers, and they never will. We all share in that responsibility.
I hope telling our story will keep our industry aware of the issue and encourage them to prepare. You think you’re secure, but we learned there are lots of things you can do even better. We have drastically changed the complexity of our passwords. We’re adding two-factor authentication all the way down to the server level. We’ve given our staff phishing training and have changed our backup procedures. We really put our core values — good relationships, tenacity, innovation, knowledge and caring — to the test, and we are proud to say they supported us well throughout this ordeal.
To our customers — you have been wonderful. After our initial communication went out, we received a lot of calls of support. Thank you for your loyalty, your continued support and your patience. We are very grateful for each and every one of you.
To all of our industry friends — please be aware and be prepared. If this prevents another company from going through what we went through, sharing our story will have been worth it. •
Greg Wright is president and chief executive officer of Wright Global Graphics, headquartered in Thomasville, North Carolina.