Saving a Small Business from Cyber-Attacks

Saving a Small Business from Cyber-Attacks

“The local IT services provider that we previously used did the best they could, but given our company’s growth, Flexible Fuels would be out of business today if we had not moved to Executech.”

-Tom Anderson*

Owner and General Manager | Flexible Fuels

*We have changed the names of the business, along with individuals, in this case study to protect identities. 

Download a PDF version of this case study here.

About the Client 

Flexible Fuels* is a family-owned business that supplies and delivers fuel and lubricants across the Southwestern US. Founded over half a century ago, Flexible Fuels has enjoyed decades of growth. Longtime customers know the company for providing high-quality products and excellent service. As a result, by 2018, Flexible Fuels had grown to 235 employees. For nearly ten years, the company had relied on a small local managed IT services provider to handle their technology needs.

The Challenge

Attacks on the Network, with No Protection in Place

In 2018, the President of Flexible Fuels approached Executech with a problem. His team had noticed multiple “phishing” email campaigns in their inboxes. Unfortunately, Flexible Fuels’ IT services provider at the time had not detected or prevented these campaigns. So Flexible Fuels asked Executech to conduct a risk assessment.

First Response

Executech Conducts a Comprehensive Assessment

Working quickly and closely with the team at Flexible Fuels’, Executech’s consultants developed a three-step strategy to evaluate the state of the company’s network security: 

Step 1: Penetration Test — Firstly, Executech’s consultants conducted a penetration test to detect the security vulnerabilities that an attacker could exploit.

Step 2: Simulated Phishing Campaign — Additionally, Executech designed and launched an email phishing campaign to determine how susceptible Flexible Fuels’ employees were to a real-life attack.

Step 3: Network Scan — Finally, Executech conducted a comprehensive assessment of the company’s network and detected an enormous amount of highly-sensitive data. This unprotected data was accessible to anyone able to gain access to their network. Above all, here’s what Executech found:

  • Over 30,000 Social Security numbers and 3,000 credit cards on the company’s server, openly accessible to anyone inside the network.
  • 13 personal identities of company employees, including login credentials, exploited by hackers and up for sale on the dark web
  • $15,231,676 of potential liabilities in the form of fines and fees as a result of the lack of security on Flexible Fuels’ network

Solution

Following Exeutech’s evaluation, the owners of Flexible Fuels were shocked. Hackers could exploit a massive amount of sensitive customer data, and the company faced millions of dollars of financial liability. Flexible Fuels soon called in Executech to serve as their new IT services provider as well as their managed security provider.

Executech responded immediately and met with the company to develop a customized managed IT services and managed security plan, which fit the company’s needs and budget.

  • Executech provided round-the-clock IT support
  • Improved and implemented security tools and procedures
  • Introduced new firewalls and email security
  • Provided consulting and educated employees on best practices

Because of Executech’s response, Flexible Fuels is much more secure today than they previously were.

Impact

To sum up, today, Flexible Fuels enjoys a secure network, protected by a state-of-the-art firewall, email filtering system, and antivirus. Executech consultants manage all of this and are available 24/7, 365 days a year. The company no longer faces the constant risk of criminals stealing and exploiting sensitive data. The owners of Flexible Fuels can focus on growing their business with the peace-of-mind provided by Executech’s world-class service.

Flexible Fuels is now a proud Executech client, relying on the company for not just managed security services, but managed IT support and managed cloud services as well.