spoofed the phone number to make it look like the bank was calling. And rather than hang up and call the bank back, [the bad actor] said, ‘Oh, we’re going to send you the link, so that way you can confirm this bad ACH.’” He clicked through and shared his creden- tials. That was the access needed. West Music recovered only about 10% of what was taken. At Paige’s Music, it was a Sunday morn- ing in 2022, and Tim Gee got a call from the director of operations to say that the cursor was moving across the computer by itself. He happened to catch the intruder in the act. “[Our director of operations] immediately grabbed his mouse and shut down his com- puter, but not before the hacker knew that he’d been caught, and so he ran his script, and it encrypted some shared files,” Gee said. “It corrupted about a dozen PCs across the company because we were leaving those on all the time.” So, what can be done? For starters, turn off computers during off hours, have two-factor authentication set up and, if the bank calls looking for information, call them back at a number you know is correct. Also, to avoid social engineering, Quinlan & Fabish’s Marsha Orwig recommended cyber attack training for employees. MI
From left: Quinlan & Fabish Music’s Marsha Orwig, Ted Brown Music’s Garrison Grisaffi, Paige’s Music’s Tim Gee, West Music’s Ryan West and Paige’s Music’s Jeremy McQueary.
Protecting Against Cyber Attacks C yber attacks are now an issue for all businesses. Jeremy McQueary of Paige’s Music in Indianapolis moderated a ses-
“I got a phone call from our bank, and there [were] some concerning transactions that were taking place within the ACH system,” West said. “They were calling to let me know that they identified it, and that they were in the process of stopping access and whatnot.” West said a bad actor during that time called the CFO imitating the bank and was able to gain access and began to move funds out of the account to other accounts around the country. “We had been going through a lot of manual processes as we were doing our recurring bill- ings and everything else,” West said. “So, it wasn’t out of the ordinary. [But] they had
sion on the topic during NASMD with a panel of retailers, where three of the four panelists have fallen victim to these attacks. In addition to losing data, “This isn’t just affecting large companies,” said McQueary in introducing the session. “In 2025, small business cyber attacks doubled.” At West Music, the attack happened during a time of transition. West Music had just hired a new CFO and, at the same time, the company’s bank was changing over its ACH system.
1. 2.
3.
4.
Bocce Wins the Day NASMD’s annual bocce tournament couldn’t be contained by the rain outside. When the storm rolled in, the tournament moved into a ballroom at JW Marriott Miami Turnberry. As usual, costumes and shenanigans were in full force: 1. Conn-Selmer’s Mike Kamphuis (center) tries his luck. 2. West Music’s Ryan West and former NASMD President Rosi Johnson dressed in their bocce day finest. 3. Team Yamaha receives their award for winning the 2026 NASMD bocce tournament. 4. Maple Leaf Strings’ Erin Kessler (second from left) rolls a winner, while maintaining a sure grasp on her drink, for the Average Joe’s. 5. Buffet Crampon’s François Kloc (middle) gets down for team Me Win Bocce Now! (formerly known as Spank Jon Harris). 6. KHS’ Jerry Goldenson and Craig Denny were bocce tournament favorites passing out drink tickets and snacks!
5.
6.
JUNE 2026 I MUSIC INC. I 43
Powered by FlippingBook