You know the scenario: An employee sees a pop-up window that claims his or her PC has a virus. That same pop-up window displays a link that promises "next steps" to clean up the mess.
The employee clicks on the pop-up link for the saintly rescue service . Unfortunately, this is usually when the virus actually gets installed. Fear is an extremely powerful motivator and not one that is usually used by legitimate sources.
With those and other scenarios in mind, Bulletproof, a GLI company, has launched iJustGotHacked.com -- an emergency service website claiming to help businesses in the event of an attack or security breach.
When you visit the website you are greeted with a very simple one-page site. There are four sections to the page. The first one will explain who is the company behind the website. The second section goes on to tell you what you should do immediately when confronted with an attack. It will then explain how they can help, and then give you a few FAQ's.
Should MSSPs Emulate iJustGotHacked?
Although I do think it's great to have a general place for employees to go if they are worried about a potential breach at their company, I do have a few issues with the press release and website in general.
First, most companies are actually unaware that what they are experiencing is a virus, malware or a potential hack. On the website, the company explains that you may be experiencing a hack if you have performance degradation, popups, and other unexpected activity on your machine. Sure, those can be signs of malware. But hardware and software issues can also trigger those symptoms.
Second, they advise users to cut the potentially compromised machine from the network. While generally, this is good advice, it leads me to wonder what kind of support they would be able to give to a computer or even a network that no longer has access to the Internet. The ability for a security professional to physically be onsite would be a better solution for such a breach, since you would eventually need to connect the computer to the network for Bulletproof to diagnose the problem. In this situation a local security service provider would be the more appropriate option.
It's A Matter of Trust
In these sensitive situations, it is hard to know who you can trust, and who is just trying to open the doors to your company even further. I believe Bulletproof is a legitimate company, and would trust them to help clean up a security threat. They have a pedigree that includes security and IT managed services that dates back to 2001. But in their effort to grow beyond local services though, I think they are going to fall short.
I can see this service being helpful to MSP's who are not very familiar with cleaning up security issues. This way the MSP can diagnose the problem as something they are ill-equipped to handle, and be able to pass it along. To promote the service directly to companies without full-time IT staff seems to be taking advantage of security fears, and I would not trust they would be able to completely diagnose the other issues that could be affecting network performance.
Sarah Kimmel is a former MSP help desk manager. She blogs about IT management, mobile and security issues for MSSP Alert and ChannelE2E.