GBA Case History Series – Case History #109 - We Were Hacked

Summary

Member Firm with multiple offices became the victim of foreign hacking enterprise. It started when an employee of the firm innocently opened an email from an unsuspected contact and clicked on a link allowing the hackers to access the Member Firm’s management systems. Unbeknownst to anyone, the infiltrators spent months learning about the Member Firm’s operations, information storage and data. After obtaining and securing the information that they were after, the hackers locked out the Member Firm keeping them from accessing their IT systems, including emails and project files. They promptly demanded seven-figure sum of money for the key to their lock.

Our Host

Jennifer Sanborn, PE – Vice President/Sanborn, Head & Associates, Inc. (Link to Profile)

Jenn’s work in environmental site characterization and remediation has taken her to the leading edge of our practice in vapor intrusion and emerging contaminants. Jenn works on a number of projects under the USEPA Brownfields program, conducting environmental assessments and preparing regulatory submittals. She has extensive field experience and familiarity with environmental regulations across several states. At Sanborn Head, Jenn helps with Sanborn Head’s business practices, reviewing contracts and educating staff about risk management practices. As a supervisor, Jenn also enjoys the opportunity to mentor staff and guide their career development. She is also a member of Sanborn Head’s Board of Directors.

Our Guest

Doug Barbosa – Director of Information Technology /Sanborn, Head & Associates, Inc. (Link to Profile)

Doug is responsible for building and maintaining Sanborn Head’s technology infrastructure. In this capacity he manages their IT team and oversees the planning and development of the information systems and data processes so that everyone at Sanborn Head has the tools and solutions needed to service their clients. Doug is an expert in the area of cybersecurity and takes great pride in his efforts to protect Sanborn Head’s and their clients’ data and ensure a smooth operational environment.

Lessons Learned

• Purchase Cyber/Ransomware insurance
• Replace old computers,update/upgrade security software and apps
• Train staff on cyber security and anti-phishing protocols; test regularly
• Bring in an outside cyber expert to evaluate your systems and get recommendations to address weak points
• Leadership, employee and client resilience

Calls-to-action:

• Download Case History #109: https://www.geoprofessional.org/product/gba-case-history-no-109/
• Visit the following link to access all of GBA’s Case Histories: https://www.geoprofessional.org/gba-case-histories/
• An account is required to download the individual Case Histories, which are free for GBA Member Firms.
• Visit the GBA Website at https://www.geoprofessional.org for other training resources and reference materials and/or to become a member.
• Visit https://www.gbapodcast.com for future Podcast Episodes
• Contact us at info@geoprofessional.org with any podcast-related questions or comments

Subscribe

• Subscribe to the GBA Podcast https://www.gbapodcast.com/subscribe

This episode was produced by the following GBA Members:

• Tiffany Vorhies, NACE CIP-2 – Vice President/SME
• Ryan White, PE, GE – Principal Geotechnical Engineer/PBS Engineering and Environmental Inc.
• Jennifer Sanborn, PE – Vice President/Sanborn, Head & Associates, Inc.
• Elizabeth Brown, PE - Geotechnical Services Manager/Atlas Technical Consultants