Friday at 5

When the phone rang, it was Will asking if I had remoted into his computer, or if the database guy might have. I hadn’t, and the database guy didn’t have access. My admin console showed no threats, and the Security Operations Center that monitors all the logs hadn't notified me of any problems requiring action on my part. Okay, there's always a first time.

The affected PC runs the UPS server, and there were packages needing to go out. But when an unknown entity is moving your mouse, you have to act. This particular situation called for removing the computer from the internet and wiping the hard drive, doing a clean installation of Windows. Will brought up Occam’s Razor. That sound of hoof beats in the distance is almost never a zebra. True, but?

The database guy has remote access to one of our servers. On that server was a remote desktop session pointing to the affected computer. So it was the database guy moving the mouse. “Once is coincidence. Twice is enemy action,” Will suggested.

“We have met the enemy, and he is us,” according to Pogo. I'm glad it turned out to be the database guy, but we should always be vigilant and fully protected against cyber attacks. Backups. Endpoint protection. Multifactor Authentication. Anti-phishing. User education. Your IT guy and insurance provider have been sounding the alarm on the various threats we face as businesses. The good news is that we've got great tools and people to defend ourselves against these risks. I'll be happy to show you how.
