Counselor

SOI 2018: The Cybersecurity Challenge in the Promo Industry

As malware attacks become more prevalent and costly, promotional firms face a critical moment.

Les Dorfman calls it “probably the worst virus” he’s ever seen in his 35 years in the industry.

State of the Industry 2018 Index Page

In April, Dorfman’s company, California-based High Caliber Line (asi/43442), faced a malware attack that repeatedly disrupted the supplier’s systems over several days. The virus arrived in emails that appeared to be from customers, asking recipients to click on a link to complete a shipping form. Simply clicking the link launched the virus.

“It spreads very rapidly throughout your computers and servers,” says Dorfman, High Caliber’s EVP. “No one should click that link.”

Working around the clock, the IT team at High Caliber removed the malware – a “Trickbot” that can generate and rapidly download other viruses leading to dreaded blue screens. This particular virus was complex: it was able to hide in several places, including the “C Windows” directory and “net defender” folders.

After the virus was accidently triggered again, High Caliber staffers were forced at times to manually fulfill orders. “Everyone in the industry needs to be aware that this is out there,” says Dorfman.

High Caliber, which ultimately defeated the virus, wasn’t the only firm that was recently targeted by malware. Counselor has confirmed both suppliers and distributors fell prey to the recent virus, although only a handful publicly acknowledged the attacks. Among those companies that reported recent episodes are Hub Promotional Group (asi/61966) – which was able to fend off the virus before it took out its systems – and Hit Promotional Products (asi/61125), which announced the attack in late April.

“Since the initial infection, we immediately engaged an outside security firm to actively monitor the virus, and we’ve taken many additional security measures to harden our network to contain and eliminate the virus,” says Krista Ward, Hit’s director of marketing.

As these attacks clearly show, the promo products industry isn’t immune to what’s become a very real and crippling threat to companies across the U.S. At particular risk are small businesses, which make up the vast majority of the promo products market. In fact, recent reports, including one released last September by the Ponemon Institute, show more than 60% of U.S. small businesses have been hit by cyber attacks over the past year. “The most prevalent attacks against smaller businesses are phishing/social engineering and web-based,” the report’s authors wrote. “Respondents say cyber attacks are more targeted, severe and sophisticated.”

“Everyone in the industry needs to be aware that this is out there.”Les Dorfman, High Caliber Line

According to UPS Capital, these cyber attacks typically cost small businesses between $84,000 and $148,000 each, and about 60% of small businesses go out of business within six months of an attack.

Although it’s rarely mentioned among the top challenges promo firms are dealing with, the evidence is mounting that cyber security is a considerable topic that must be addressed. “These data scams are very convincing and can have extremely serious repercussions,” Dorfman says. “Major preventive measures have to be taken.”

Few Small Distributors Have Data Security Polices

For the first time ever, Counselor’s 2018 SOI survey asked distributors about cybersecurity. The results show the clear majority of smaller promo firms need to develop stronger controls for data protection. In total, only 39% of distributors say they have a formal data security policy in place. That figure lags behind the 50% average of all U.S. businesses, a stat released in a recent report from Nationwide Insurance. What’s a formal policy? It could include password management, oversight of software licenses and email usage rules. As the chart shows, the larger the distributorship, the more likely it is the firm has data security measures.

9 Tips for Keeping Data Safe

Carnage is only a mouse-click away. That’s the inescapable reality in the age of internet-connected digital business. Hackers are continually creating viruses that can do everything from take over computer systems to steal sensitive data like credit card numbers. Here are steps IT execs in the promo market suggest industry firms take to secure their digital info.

1. Use an Email Gateway Like Mimecast. “Email is often the Trojan Horse of malware getting into your network,” says Marc Sule, CIO at Top 40 supplier alphabroder (as/34063). “A secure gateway can lower your risk by monitoring and blocking users from opening malware attachments or clicking bad URLs.”

2. Utilize Malware-Scanning Software that routinely scans corporate systems and personal computers, and alerts your IT team when malware is detected. Microsoft’s SCCM Endpoint Protection is a popular choice. “Endpoint protection helps prevent targeted attacks,” says Greg Muzzillo, founder of Top 40 distributor Proforma (asi/300094).

3. Build Sturdy Walls. All networks should have firewalls that are configured correctly, continually patched and constantly monitored. “It’s critical to have a properly configured next-generation firewall with unified threat management,” says Muzzillo.

4. All Computers Should Have Anti-Virus Protection that’s updated in real time and makes use of heuristics and behavior analysis. Armughan Rafat, CTO for ASI, notes that all systems, including third party software, must be up to date on patches and feature strong spam filters.

5. Have Good Backups in Place. “Always back up your critical systems on a separate VLAN away from the production system,” says Sule. “If your production systems and logical backups (or even DR environment) all exist on the same VLAN, ransomware may be able to spread and encrypt them all, leaving little option for recovery.”

6. Be Link & Attachment Savvy. “Never open an attachment or link from someone you don’t know,” says Muzzillo. Be sure to check links before clicking on them. By hovering over a link, you can see the actual web address you’re being directed to. Make sure the link is taking you to the website you expected. “Links in scam emails may direct you to web addresses that are long, unfamiliar and use random characters,” Muzzillo adds.

7. Be Smart With Passwords. Your company should have safe password practices like two-factor authentication. Never use the same password for critical systems like email and logins.

8. Encourage Communication. “Make sure employees know to report any suspicious emails to a supervisor in charge and the IT department,” says Les Dorfman, EVP of High Caliber Line (asi/43442).

9. Remind & Consider Training. Send periodic reminders to staff about cyber security best practices they should be following. Also, consider providing employees with cyber safety training. Alphabroder, for example, recently contracted a company that provides anti-phishing training and mock phishing campaigns to monitor, score and identify additional training needs within its corporate user base.

A Timeline: Notable Cyber Attacks in Promo Industry

While breaches have been increasingly reported in the U.S. in recent years, the promo market faced significant attacks as far back as a decade ago.

September 2008
Hackers raided Newton Manufacturing’s systems several times, obtaining the social security numbers of certain clients. The attacks were found during an audit at Newton.

August 2009
Gateway CDI suffered a significant summertime breach, leading its client Mozilla Firefox to temporarily shut down its online store which sold promotional items like T-shirts, mugs and mousepads.

November 2009
A late-year attack overloaded servers at supplier Leed’s (asi/66887), disabling the company’s main website for several days and disrupting the firm’s overall business.

June 2015
Casad Company (asi/168375), which runs the site totallypromotional.com, reported hackers accessed the credit/debit card info of some customers. Casad learned of the breach after customers saw unauthorized charges on their cards.

February 2018
A ransomware attack took HALO Branded Solutions’ (asi/356000) ERP system offline for two weeks. Company reps had to communicate with clients by using their personal email addresses.

April 2018
The same malware attacked systems at supplier High Caliber Line (asi/43442) multiple times over four days, forcing the company to keep up with orders manually.

April 2018
A virus disrupted the computer systems at Hit Promotional Products (asi/61125), targeting a protocol on one of the supplier’s file servers that processes artwork.