Blog

The Story

“You can’t verify enough,” claimed co-owner of Gotham Restaurant, Bret Csencitz, according to a New York Times Article (NYC). In May 2024, the Greenwich Village restaurant fell victim to a cyber attack that seemed trustworthy and cost them everything.

All it took was an email that looked exactly like any other email from their payroll company. The message stated they were changing banking information due to “internal issues” and needed to redirect the restaurant’s money.

The HR staffer reported the email to co-owner Csencitz right away and they compared this message with other messages from payroll. It seemed legitimate. So, he wired the money to the new account. 

Only hours later did they notice something off. They found the slightest spelling error in the URL – an extra letter in the email address of the sender. But by then the damage was done. The 40-year-old restaurant lost $45,000 and as they were still recovering from the hardship of COVID-19 shutdowns, it was the final nail in the coffin. Csencitz had to make the painful decision of “temporarily” closing the restaurant’s doors and letting go of staff.

When he contacted his bank about the event, the bank did nothing. And he didn’t have any form of cyber insurance to rescue him. Csencitz had to file a report with the FBI with no guarantee of ever seeing that money again. 

In November 2024 they permanently closed their doors after filing Chapter 11 bankruptcy. 

The Cyber Situation

Gotham Restaurant was not a major corporation. It was an upscale eatery in Manhattan with a book nook, a bistro, and a bar. That didn’t stop the cyber scammer from setting his trap and destroying the business. Inserting himself into an email conversation that was already going on is what we cyber geeks call a “man in the middle attack.” It’s becoming a more common form of infiltration that relies on human error and lack of attention to detail and can slip into any email conversation. Anyone – even careful businessowners – can fall for it. 

This didn’t need to happen to Gotham, though. 

One phone call to the payroll company could have alerted them to the scam and spared them from disaster. But all of us are human, and we are all capable of small yet costly mistakes. 

Preventable Measures

Other than a simple phone call, there were other steps Csencitz could have taken to prevent all of this.

One, was Cyber Security Insurance. In the event that he still wired the funds and realized his mistake after, he could have been reimbursed by the insurance company and not have gone under. Sure, insurance requires regular payments. Paying $5,000 a year sounds like a lot. But for a functional business that pays peoples’ salaries, it is significantly less costly than a complete and total shutdown.

Another was Remote Monitoring. With the assistance of a diligent cyber security company watching over the company’s IT fucntions, the presence of an unfamiliar email address could have been caught and reported. With this alert alone, Csencitz and his HR staff would have recognized the danger immediately and never have fallen prey to the attack. 

Another was Cyber Security Education. Knowing how these devious cyber criminals work forces one to be more vigilant. Csencitz and staff were already suspicious, so they compared the email with others to check its legitimacy. They should have trusted their gut more and gone further – made the phone call. Blocked the user.

You don’t need to be a cyber genius to sense danger. But you do need the security to confirm your suspicions. 

You also don’t need to run a Fortune 500 Company to catch the attention of malicious Cyber Scammers. Any small or medium business will do.

Bret Csencitz was right, you can’t verify enough. But with the help of a trustworthy cyber security service, you don’t have to do it alone. 

Educate yourself. Reach out to Cyber Security Professionals. And consider getting your business insured against cyber attacks. What you do matters and deserves to be protected.

Sincerely, 

By Senior Executive Copywriter Danielle Martin 
And Cyber Security Liaison Hill Snover

A half-ton spacecraft was hurtling toward earth uncontrollably and the impact destination was more than 50% of the globe. Unless you’re in Antarctica, that means Kosmos 482 could have landed on YOUR HEAD. And yet, statistically, if you own a business and you rely on online data to run your company, you’re still far more likely to be targeted by a cyber criminal than to be crushed by space debris.

The reality is that even though this raging satellite that’s been roaming around since the 70s was driving right toward us all, there is only one spacecraft and a whole lot of ocean to catch it. Cyber Criminals are numerous, they’re always active, and they can hit more than one business at a time. 

Want to know what’s stopping them from hitting you over the head with a virus or stealing all your client’s private information? 

Nothing. 

There’s no safety net of a big blue ocean to take the fall. (*The satellite did hit the ocean, if you were wondering. The Indian Ocean. So I guess that’s one less thing to stress about.)

However, if a Russian satellite dropping down still alarmed you more than a cyber attack, consider these statistics:

https://www.hipaajournal.com/2024-healthcare-data-breach-report/

According to HIPAA, breaches increase every year. Between 2018 and 2021, cyber attacks increased by 93.7% mainly due to hijacking and ransomware incidents as shown by the graph below: 

The statistics are SKY SCRAPING and this is just in our healthcare. 

Now that’s all well and scary but what does anyone actually mean by “Cyber Attack” and “Cyber Criminal”? 

A Cyber Attack is any effort to steal, expose, change, disable or destroy data, applications or other assets through unauthorized access. So, that’s someone getting in and disabling your contact info in a CRM. Credit card data. Birth dates. Names and addresses. Social security numbers. Backups. Whatever you’ve got, it’s valuable and vulnerable without the proper protection.

Cyber Criminals are people who make it their business to go through these efforts all the time like it’s their day job. In a way, it is. If you didn’t already know this (because I sure didn’t before writing this article) cyber crime is a multi-million dollar “business” that prioritizes any vulnerabilities and targets that it can. 

If you like, I can give you an example of an attack.

This happened in 2024 with a large company and it was all over the news. 

There was a Kaiser-Permanente data breach wherein a cyber criminal used tracking technologies through their own website to steal the personal data of an estimated 13.4 Billion individuals and sold them to third-parties. (Get more info here: https://www.hipaajournal.com/kaiser-permanente-website-tracker-breach-affects-13-4-million-individuals/)

The results? Not reported. But I can tell you the loss of client trust with billions of people’s personal health related information stood before a firing squad. The loss of client trust, the damage control, all the mess of reacting to and fixing the breach must have cost a pretty penny. Meanwhile Kaiser-Permanente is a large, well known business with many resources and yet even they fell prey to cyber criminals.

A large company like theirs could probably afford to lose a bit of client trust and turn things around in the next few years. Maybe. 

Could yours? 

While this may have been the largest data breach of 2024, your business is just as much at risk as theirs was. 

So, what can you do about it?

Answer: Find out how your company can be protected. Talk to a professional. Seriously. 

You have worked hard for what you have. No one should be able to just take that from you. 

We – your friendly neighborhood cyber geeks – are here to help.

Technologies Plus has over 30 years of Security Consulting, IT Consulting, and Software Development experience under its belt. After witnessing a friend’s company get brutally hacked and all their information held at ransom for thousands and thousands of dollars, owner and CEO Layton Snover decided to provide preventative measures for other businesses. He launched the Cyber Protection Services of T-Plus to help business owners like you keep your business your business. 

If you’re serious about protecting your interests and your clients, check out the website and give us a call. 

Your information might not be as protected as you think. Find out where your vulnerabilities lie so that you don’t fall prey to costly attacks like Kaiser-Permanente did. Attacks DO come. When they do, you want to be SURE your insurance will cover you. 

We can help with that, too. 

Technologies Plus is a small business located in Slatington Pennsylvania and we support other small to medium businesses. You don’t need 10,000 employees to keep hackers out of your database, or to do the work you do, and neither do we. 

Calls are free. Talk to Layton: 610-417-5395

Want to stay in the loop on all things cyber secure? Sign up for our free newsletter! You can receive security tips, news, and insights that could save your business from cyber crime every month right in your inbox. 

Keep in touch,

Sincerely,

Technologies Plus

We are glad to have you visit. Come back soon as we start to add new articles related to IT security and custom business software.