“Sara, did you get the email from Roy?”

“What email?” Sara mumbles, while clicking open her Outlook. “What time was that email?”

“9:54 a.m.,” a muffled voice rings out from the copier room.

“Great.”  Oh wow,” Sara ponders while reading the email.

“Why so much?” she continues, as she reaches for her glasses . “Nancy, do me a favor and wire $50,000 to Roy Tolle. But hold on, he wants to change his account number. Forwarding the email to you now.”

“I didn’t get the original,” a confused Nancy responds. “Why so much?”

“I can’t say,” notes Sara.

“Okay,” Nancy says, with a sigh . “But Roy doesn’t say if this is reoccurring or not.”

“It is,” Sara says, peeping over her cubicle. “That’s the way it’s been with him. So ,make it a weekly reoccural . Plus, he’s in Prague; who knows what he wants the money for.”

“Yeah, you’re right,” says Nancy. “You know, he usually calls to stop them for short periods of time before resuming.Also, he usually requests $5,000, not $50,000,” . Meanwhile, Roy is emailing back.

“Are you guys not getting his messages?” Cressida chimes in. “You’re all on it. Oh, he’s asking for our cell numbers. It says sorry guys, I dropped my phone looking over a bridge over the Vltava River.”

Nancy stands up from her desk. “I am simply not getting these messages. Please forward it.”

“Something is definitely wrong with your Outlook,” Cressida erupts, “because I’m looking right at your name.”

“Alright, I’ll call Bullet, in IT support”  responds Nancy.

“No,” Cressida snaps back. “Go down there.”

“Down in the basement?”

“Yes,” says Cressida. “You need help now.”

Nancy heads toward the basement. She’s not sending the $50,000 until she gets further confirmation.

Nancy knocks on the door marked ‘Technology,’ gets no answer and starts to walk back to the elevator.

But then the doors open and there is Bullet . “Looking for me?” he asks.

“Yes,” Nancy says. “I am NOT getting emails from Roy, but the rest of the ladies are.”

“Well, I am using you as a guinea pig,” says Bullet.  “I am doing a 30-day free trial for MXINSPECT on your desktop. eMazzanti wanted me to actually protect everyone and train you guys, but we’ve never had any real trouble, and to make my account manager feel like I was really paying attention to what she said, I opted for the trial.”

Her eyebrows go up, and Bullet continues. “ Let me tell you. My plans were to make her think I would eventually purchase it, but I’m going to cancel. I’ll make up some excuse,” he says.  “I was impressed by the fact that MXINSPECT can protect organizations from email threats, including phishing, malware, spam, and other forms of objectionable or dangerous content by leveraging leading technologies in a suite designed for small businesses like ours. But when does it end?  We have evaded these kinds of attacks for years. They did a security background on us and it came up with some associates’ information on it, but there were not many new ones; some of the associates had moved on.”

“Yeah, Bullet,” says Nancy, with a twitch. “But wouldn’t that be a cause for concern?”

“ Listen, I have been doing this for 15 years with a few hiccups here and there,” he says, with a wave of his hand.

“Bullet,” she urges, “Come on. Technology has evolved exponentially in the last 15 years.”

“ Yeah, well,tThat’s why I decided to give the service a run through, and now look.  I am all about the budget. Savng MONEY!Unfortunately, this MXINSPECT might be blocking Roy from emailing you. I don’t know; it’s supposed to keep predators and spam out. Let me look into it.”

He makes a call.

“It’s a great day at eMazzanti Technologies; how can I help you?,” says an eMazzanti account manager.

“Hi, this is Bullet from Prettler Marketing.”

“Hey Bullet, this is Jenny.”

“Jenny, just the person I wanted to speak to,” he says, relieved “Listen. The free trial of MXINSPECT that you set up for that one desktop, I think there may be an issue with it. One of the ladies in our accounts department, Nancy, is not getting emails that she is clearly cc’ed on.”

“Bullet, MXINSPECT doesn’t make trouble; it stops it,” Jenny says. “Explain to me what exactly is happening?”

“Well, some emails are coming through from the owner, Roy Tolle, who is traveling and may at times request wires, but  Nancy says she has not received the email.”

“Bullet, forward a copy of the email to me.” Moments later. “Bullet, what is Roy Tolle’s email?”

“It’s [email protected]., he notes.

“I thought so because that’s what we have,” she tells him.“Bullet, eMazzanti Technologies employees are trained to recognize a phishing attack. During your QBR last month, we discussed cybersecurity training for your staff. Unfortunately, I cannot twist your arm. The cost of your peace of mind could be $1 per user vs. thousands of lost dollars. We discussed this.It’s my job to sell you what I believe will ultimately help you, and I know you chose the 30-day free trial of MXINSPECT, which has helped you in this situation.”

4. Unauthorized Access to Sensitive Hardware:

• -If unauthorized individuals gain physical access to servers and network equipment, serious damage may result, including: installation of such unauthorized devices as USB drives that can be used for data theft or to introduce malware.
• Intentional or unintentional  hardware tampering  that can compromise the security of the entire network.

5. Exposing Sensitive Information:

-Visual Exposure: Unauthorized individuals may view sensitive information on monitors, or in printed documents left in an IT closet or elsewhere.

-Accidental Access: Unsupervised access can lead to accidental interactions with open applications or documents containing confidential data.

6. Network Security Breaches:

-Connecting Unauthorized Devices: Non-IT staff might connect personal devices to the network for charging or use, potentially opening entire networks to malware or other threats.-Misuse of Network Ports: Unused network ports can be exploited to gain unauthorized access to the network.

7. Consequences of Vulnerabilities:

-Data Breaches: Unauthorized access to sensitive data can lead to data breaches, leading to erosion of customer trust and non-compliance with data protection and other regulations.

-Introduction of Malware: The network can be compromised through the introduction of malware or other malicious software, leading to widespread IT infrastructure damage.

Mitigation Strategies:

1. Monitor and Review Premises

Install security cameras and alarm systems that alert IT staff to unauthorized access in real time.

Regularly review access logs and security footage to identify potential security breaches.

2. Implement Strict Access Protocols

– The presence of non-IT personnel in IT closets can lead to various security vulnerabilities, ranging from direct data breaches to compliance issues. So implement a policy of escorted access for non-IT personnel, ensuring they are always accompanied by an IT staff member.

-Use advanced access control systems that restrict entry to authorized personnel only.

3. Regular Security Audits

-Conduct regular security audits to identify and address potential vulnerabilities within the IT closet.

-Update security protocols regularly to adapt to new threats.

4. Training and Awareness Programs

-Educate all employees about the importance of IT security and the potential risks associated with unauthorized access, and update staff  on a regular basis  regarding new security policies and protocols.

-Employ network monitoring tools to detect unusual activity or unauthorized connections.

-Secure and monitor all network ports, and ensure that only necessary ports are open .

Mitigating these and other risks requires a combination of physical security measures, vigilant monitoring, regular audits, and continuous education of all staff members about the importance of IT security. Trained eMazzanti professionals can advise you of best practices regarding IT perimeter, access and other security measures.