You got hacked – now what?

‘Terrifying’ is one of the adjectives Scott Aubuchon uses to describe being hacked; hear how his hardware business The Aubuchon Company learned from and survived the experience.

Tim Burke

8/7/2023

After having his hardware store system hacked, Scott Aubuchon, VP of IT at The Aubuchon Company shares his experiences. Image created by Tim Burke.

“I think we’ve been hacked.”

Those are words no one wants to hear. Especially not owners of hardware businesses.

But a few days before Memorial Day weekend – a busy time of year for hardware stores – that’s exactly the words Scott Aubuchon, VP of IT at The Aubuchon Company, woke up to in a text from his IT manager.

Panic. Fear. Terrified. That awful lump in your stomach.

That’s how he described to an audience at the recent NHPA conference in Dallas, his feelings in the first few moments as he jumped up and rushed to his office that morning a couple years ago.

“A cybersecurity threat,” his voice echoed to a darkened auditorium, the audience silently hanging on his words, “came to me in the form of that wake-up text.”

On stage framed in a spotlight, his red shirt seemed to almost glow – as if in a warning to other hardware retail owners to get on their guard.

The first thing he did was, “run to the office and unplug the internet; then unplug all our switches,” he said.

As his heart pounded and he pulled the plugs, he took a breath and realized that step one would have to be calling their insurance company. They advised him to get in touch with his cybersecurity insurance company. He also contacted their law firm.

“We were attacked by ransomware on five of our servers, it was determined,” said Aubuchon.

“We contacted a cyber security firm who was to handle the threat negotiations,” he explained to the silent crowd, rapt with his story.

It turned out, “the perps had found a hole in our firewall from a past test we had conducted and that we forgot to plug back up,” he said.

The breach affected their buy online orders so that they couldn’t see the orders.

So they negotiated.

Scott Aubuchon talks about cyber threats to retail hardware businesses a crown at the recent North American Hardware and Paint Association (NHPA) Independents Conference in Dallas.

This was done through people trained by the cyber security company in ransomware negotiations.

“It was nerve-racking,” said Aubuchon, “but finally after a couple days we received a decryption key to unlock our files, and after about seven days we were pretty much back up to 90%.”

Luckily no credit cards or personal data had been affected. After that incident, he said, they worked on tightening their systems. And they now regularly review everything.

Scott Reynolds, president and CEO of the American Hardware and Lumber Insurance company, also on stage, describe the four key areas of cyber security.

“Number one – and it’s a big one – is data backup,” he said. “The others are: Protection, detection and restore.”

But backup is king. Having a copy of all your – what he termed “precious data” – means “you might not need to pay ransom,” he said.

The presentation turned back to Scott Aubuchon to apply the final exclamation point.

“It takes a hack incident,” he said slowly, “to get people’s attention. And then you get more in the budget to defend yourself.”

Aubuchon Company has bolstered its IT resources to support cyber protection. He added a final grim warning.

“It’s not ‘if’ but ‘when’ for getting hacked.”

Advertisement - article continues below

Related Content

Hardware dealers and tech interface

The future of hardware

Related Topics