Don’t Let Your Business Be The Next Target!
Not only are they uninsured for this type of fraud, but they were shocked to discover that Facebook, as well as their bank and credit card company, was NOT responsible for replacing the funds. Facebook’s “resolution” was that there was no fraud committed on their account because the hacker used their legitimate login credentials, and Facebook is not responsible for ensuring you keep your own personal credentials safe and confidential. Further, they didn’t have the specific type of cybercrime or fraud insurance needed to cover the losses, so they’re eating 100% of the costs.
In another incident, another firm logged into their account to find all of their ads were paused. Initially, they thought it was a glitch on Facebook, until they realized someone had hacked into their account, paused all of their legitimate ads and set up 20 NEW ads to their weight-loss spam site with a budget of $143,000 per day, or $2.8 million total.
The compromised account was a legitimate user of the account who had THEIR account hacked. Because of this, Facebook wouldn’t replace the lost funds, and their account got shut down, with all campaigns deleted. Fortunately, these guys caught the hack early and acted fast, limiting their damages to roughly $4,000, but their account was unable to run ads for 2 weeks, causing them to lose revenue. They estimate their total damages to be somewhere in the $40,000 to $50,000 range.
When many people hear these true stories (with the name of the companies withheld to protect their privacy), they adamantly believe someone besides them should step up and take responsibility, covering the losses. “It wasn’t OUR fault!” they say. However, the simple reality is this: if you allow your Facebook account – or any other online account – to be hacked due to weak or reused passwords, no multifactor authentication (MFA) turned on, improper e-mail security or malware infecting your devices due to inadequate cyber security, it is 100% YOUR FAULT when a hacker compromises your account.
Facebook is just one of the cloud applications many businesses use that can be hacked, but any business running any type of cloud application, including those that adamantly verify they are secure, CAN BE HACKED with the right credentials. Facebook’s security did not cause their account to be compromised – it was the failure of one employee.
The BEST way to handle this is to NOT get hacked in the first place. Here’s what you need to do to protect yourself:
1. Share this article to make sure your staff is aware of these types of scams:
-Cybercriminals’ #1 advantage is still hubris; businesses and most people in general insist that “nobody would want to hack me” and therefore aren’t extremely cautious with cyber protections.
2. Make sure you create strong, unique passwords for EACH application you and your team log into:
-Use a good password management tool such as Bitwarden or LastPass to manage this, but remember IT MUST BE USED IN ORDER TO WORK. For example, don’t allow employees to store passwords in Chrome and bypass the password management system.
3. Minimize the number of people logging into any account:
-If someone needs access, give them that access and then remove them as a user ASAP immediately after. The more users you have on a cloud application, the greater the chances are of a breach.
4. Make sure all devices that touch your network are secure:
-Keylogger malware can live on a device to steal all of your data and credentials.
If you want to ensure your organization is truly secure, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.
It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today.