Recently, the CEO of a very successful marketing firm had their Facebook account hacked. In just one weekend, the hackers pulled off a heist, running over $250,000 worth of ads for their online gambling site. To add insult to injury, the rightful owner was removed as the admin, resulting in the firm's entire Facebook account being shut down.
Shockingly, Facebook was not held responsible for replacing the lost funds. Why? According to Facebook, since the hacker used legit login credentials, it's not their problem. The marketing company’s bank did not cover the cost of the losses either since this type of fraud was not covered by their insurance policy. In the end, the marketing company covered 100% of the financial losses for this cyberattack.
But that's not all. They also had to rebuild their Facebook audience from scratch, a task that took them years to build. The grand total of this digital nightmare? A whopping half a million dollars down the drain.
And it's not an isolated incident. Another company logged into their account to find their ads paused. Sounds like a glitch, right? Wrong. A hacker had waltzed in, paused all legit ads, and set up 20 new ads promoting a weight-loss spam site with a budget of $143,000 per day. Potentially, the attack would result in a $2.8 million loss.
Luckily, the compromised account was discovered and shut down quickly, limiting the company’s losses to a not-so-small $40,000 to $50,000. However, the company couldn't run ads on their account for two weeks while the issue was being resolved, leading to additional lost revenue.
Now, before you start pointing fingers elsewhere, here's the cold truth – if your online accounts get hacked due to weak passwords, lack of multifactor authentication, lax email security, or malware infestations, IT’S ON YOU.
In the above-given scenarios, Facebook's security didn't falter; it was a failure on the part of the employees.
Facebook is just one of the many applications that businesses use in their day-to-day operations – all of which, prone to be hacked. Any business running any type of cloud application, including those that adamantly verify they are secure, CAN BE HACKED with the right credentials.
The BEST way to handle this is to NOT get hacked in the first place. Here’s what you need to do to avoid being a victim of a cyber attack:
- Spread the Word: Share this article with your team. Cybercriminals thrive on hubris – the belief that "nobody would want to hack me." If this is the attitude that you adopt in your business operations, it’s only a matter of time before you get hacked. Make sure your team is cautious.
- Secure Passwords: Use strong, unique passwords for each application that you use in your business. Consider a password management tool like 1Password, RoboForm, etc. But remember, it only works if you use it. Don’t allow employees to store passwords in Chrome and bypass the password management system.
- Limit Access: Minimize the number of people with access to your cloud applications. Grant access only to the employees who need the application and revoke access to the ones who don’t. The more users you have on a cloud application, the greater the chances of a breach.
- Device Security: Ensure all devices touching your network are secure. Keylogger malware can be a silent threat stealing your data and credentials.
IT Support Near Greater Philadelphia
Want to be sure your organization is truly secure? Request a free Cyber Security Risk Assessment to gauge your protection against potential threats. If it's been more than six months since your last independent audit, you're due. It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what it should.