Hacks don’t just happen to large organisations – or to people working in an office. These are just the ones that make the news.
Every day criminals attempt to hack businesses of all sizes, and with more employees than ever working from home for at least part of every week, we all need to be more aware of how we act online.
If you’re working remotely, or working on holiday this summer, read these real-life stories and take the tips to heart.
‘Transfer £70,000 please’
One afternoon, Andrea Jackson, the Business Manager at Silverline Risk Management, received an email from her CEO, John Millar: “Can you please transfer £70,000 to ABC Technology Ltd – here are their bank details.”
Andrea replied, “Well, that would mean I’d have to liquidate a short-term certificate of deposit, because we don’t have that in ready funds. What’s it for?”
“OK, just do it, it needs to happen today. So just go ahead” – John.
It turns out John’s work email had been hacked. And the only reason the company didn’t lose £70,000 – and more – is because Andrea and John are actually married and work at desks across from each other. Andrea queried the email with John, who said he hadn’t sent her anything at all.
How did the hackers get in? John had an email weeks earlier with a link to an interesting article. He clicked the link, but nothing happened. So he tried a couple more times and then forgot about it. But it was too late – the hacker was in and able to start working out how best to use the people within the company to get money out of them. Had it worked, John and Andrea’s business – which employs 30 people – could have gone under.
Tip 1: John should have verified where the email came from. And after clicking and getting nothing, he should have reported it to his IT support immediately. If you don’t recognise the sender, or aren’t expecting the link, be suspicious. Awareness and speedy action can make all the difference.
Tip 2: Always make regular backups. We don’t know what could have happened here, but hackers steal data. Back up regularly to a removable drive, or make sure your IT support is running backups for you. Don’t forget that the Cloud is not a backup – if hackers get into your system they are already in your cloud.
Hacked on café wifi
Katherine was on holiday in Italy and every morning she had breakfast in a local café. She used the café’s public wifi to connect to the internet to check her phone. Someone hacked her messages, which gave them access to her email account. Once there, they intercepted a couple of invoices she had drafted to send to a client and changed the bank account details. The client paid the invoice – into the criminal’s account. Katherine was left out of pocket, and the client still owed her the money.
Tip 3: Don’t use public wifi, especially if you don’t have to log in to it with any credentials. It’s simple for a hacker to mimic networks to make you think you’re on the right one. Use a VPN (virtual private network) – an app you can put on your phone or laptop that protects your traffic, so others can’t read it. Doing that would have saved Katherine and her clients time, money and stress.
Tip 4: When you get an invoice, check the payment and contact details against the details you already have. If they are different, contact your supplier using the contact details you already have for them – not what’s on the invoice. This simple check could save you a lot of money and hassle.
Stealing an Instagram account
Jill is a freelance photographer. She relies on Instagram for exposure to new clients. On holiday in Vietnam, she uploaded posts to her account via public wifi networks. Her account was compromised – someone took over and changed the login details. Jill lost control of her 19,000 followers. She has lost the account and had to start again.
Tip 5: Use two-factor authentication (2FA). If you protect your accounts only with a password, you’re vulnerable, especially if you have a simple password and you re-use simple versions of it for other accounts. By adding another factor to the password, you are improving your security and helping to prevent this sort of hack.
What else can you do to stay safe?
Train your staff. If all that your employees get in terms of cyber awareness is a monthly email reminding them to be vigilant, you’re not doing enough.
Good cyber security starts with nurturing the right behaviours: motivating and nudging people to make the right decisions. Invest in good training to change behaviour as this will make a real and measurable difference to your business. Take care out there!