Funny but true story.
Years ago, I went to meet a small business in Rockville to discuss Hilltop providing them managed services. I met them after I had sent in Paul Recksiek, our VP of Consulting, to conduct a free assessment of their network. I knew they were in a rush because their last MSP was circling the drain, and the only remaining good engineer from their soon-to-be former MSP was coming to work for me.
I let the business owners know that their firewall was wide open and that it was very likely that their open RDP or SQL ports would lead to their server getting hit with ransomware. There was no evidence of any remote backups, so if they got hit, it would be a really bad situation. I advised them repeatedly that it was critical to have any new MSP they hire prove that they had good remote backups.
A month later, they let us know that they opted to go with another local MSP. I thanked them for letting me know and to let me know if anything changed. I also reminded them (again) that they needed to get their backups checked and fixed ASAP. I also advised them (again) to get the ports on their firewall locked down.
Fast forward a couple of weeks…
The engineer I hired from their former MSP let me know that he received a call from the business owners I had met with. My prediction had come true, and they had reached out to him in hopes that he knew how their backups worked and hopefully knew how do restore their data. They were also slightly skeptical and asked, “Did Jim Turner hack our server and encrypt the data?”. They felt that the specificity and timing of my warning was too much of a coincidence.
The reality is that they should have spoken with us three years prior. Unfortunately, their former engineer didn't have the information they needed. The last I heard, their business continuity plan was to operate using pen and paper.
The moral of this story?
When a professional advises you multiple times that you need verifiable backups and warns you of the high probability you will get hacked…you should probably listen!