NewsBite

Cyber attack cost Melbourne company $2 million

The founder of a cosmetics company gives small businesses a warning to protect themselves against cyber threats.

Cyber security for small business a constant challenge

Gillian Franklin, founder and managing director of cosmetic wholesale company The Heat Group, knows all too well what it’s like to be hacked by cybercriminals.

Her business, which turns around $130 million a year distributing beauty products including popular brands Max Factor and Covergirl, lost $2 million when a hacker got into her files last year.

The business owner came close to losing everything she had built over 20 years when she discovered her entire online business had been hacked.

Ms Franklin was at a conference in London when her colleague opened up her laptop to see that the company’s shared drive was completely empty except for a ransom note.

The hacker had encrypted all files and documents, demanding $US40,000 in bitcoin in ransom.

Ms Franklin tried negotiating with the hacker while her IT specialist team worked 16-hour shifts to try to recover the files. She discovered that many of the files had been deleted and could not be retrieved even if the ransom was handed over.

The person responsible was a serial Russian hacker who had sold all the files on the dark web for $US3500.

“It was a painful, unnecessary, unpleasant experience and you’ll never get that money back,” Ms Franklin said.

“It was like someone coming out the blue and giving you a slap in the face,” she told news.com.au. “I was shocked.”

Gillian Franklin will be on SBS Insight tonight to warn businesses against cyber attacks.

RECOVERY MODE

Her next move was assessing the damage and doing what she could to protect the business.

“My first thought was how quickly can we get this fixed,” she said. “I was driven by recovery, not responding.”

Ms Franklin said she couldn’t have done it without her team, who pulled all-nighters, working 20 hours non-stop to protect the business, shut everything down and put up new firewalls and passwords. The business was able to trade again within four days.

Between the company’s customers, staff, suppliers and brands, communication was vital to keeping everyone informed.

It’s integral to have a solid internal and external communications plan to ensure everyone knows what’s going on, Ms Franklin said. “It’s also the speed that you can execute those plans.”

All her staff had their personal details hacked, including their tax file numbers – but fortunately no one had a flow-on impact from that.

“We had to contact all staff, past and present, to inform them of what happened,” she said.

Makeup distributor The Heat Group recovered from a cyber attack but it cost the company $2 million.

PROTECT YOUR BUSINESS

Businesses can overhaul their online security to avoid this happening to them, Ms Franklin said.

She said it’s integral to “do everything you can to mitigate your risk of being hacked and have a plan in place”.

“You need to have a plan on the assumption that you can be hacked,” she said. “They can get in if they want to. You need to have a plan ready to go.

“When it happened to us we didn’t even know where to start. We didn’t know what to do. So now we have a list of things ready.”

The hacking happened about a month after a staff member clicked on an email that looked legitimate. “Phishing emails are so authentic looking,” she reiterated. She added that it’s important to check with your IT team and not click on anything that asks you to update an email or login, even if it looks real.

“To minimise the risk, you need to constantly teach your staff,” she said. “You have to be really diligent in your plan, and make sure staff understand. Have your processes well documented and up to date.”

CYBERSECURITY TIPS

On top of having a plan in place and ensuring your team knows what to do, she says two-factor authentication is imperative – as well as backing up your files and changing your administrator name.

“You absolutely need to have two-factor authentication,” she said. “Backups and two-factor authentication are the most critical.

“Importantly, change the administrator in your system to another name because everyone knows that the administrator is the person at the top,” she said.

“Test your team all the time, update passwords, do the software updates when they come in, and have everything backed up on a separate server, preferably on the cloud.”

Ms Franklin added that it’s really important to have separate cyber insurance, which many businesses bypass or don’t even realise they can have.

“Years ago cyber wasn’t an issue, but if you don’t have specific cyber insurance you won’t be covered. It’s a separate policy. I would encourage everyone to get cyber security insurance,” she said.

Having cyber security insurance is a good idea for small businesses.

NEVER AGAIN

As Ms Franklin was in London at the time, she was trying to manage the situation remotely while her team was working around the clock from head office in Melbourne.

“It was horrific, absolutely horrific,” she said when explaining what it was like to deal with a cyber threat.

“It’s a lot of money in anybody’s terms, and you never get it all back. It was terrible,” she said.

“I don’t know any small-to-medium-sized businesses who have cash like that lying around,” she told news.com.au. “We had no income whatsoever and we had to do payroll, and there were orders we couldn’t ship out or place.”

It took about a month to restore and recover the files – but not everything was able to be retrieved. “We weren’t able to recover everything. We lost momentum and we had to rebuild to start again.”

She likened being hacked to daylight robbery.

“It is theft. We were robbed. People don’t think about having your IP robbed, but it’s like ripping the heart out of your business. It’s robbery.”

She warned other businesses: “Don’t assume it can’t happen to you. Be really careful.”

You can hear more from Gillian Franklin and other small business owners on being hacked tonight at 8.30pm on SBS Insight.

Original URL: https://www.news.com.au/finance/small-business/cyber-attack-cost-melbourne-company-2-million/news-story/a5a0074b91130a719ff9770760857324