Today, internet security should be the priority of any business. Every business, no matter how small or large, comes under attack from online intruders at least once a year. Now it seems small businesses that deal in finance, accountancy, and e-commerce are the primary targets of those looking to make a quick buck. Here are 3 stories that can help you decide what you need to do to make sure your business is secure when connecting to the online world.
E-Commerce Website Defrauded
E-comm sites have come under attack mostly via the website itself. One of the worst stories I heard was someone hiring a freelancer to help them manage their e-comm products online. Later, the owner of the website was bombarded with complaints that products customers had paid for were not delivered. It turns out many of the products had redirects to an alternative shopping cart. The person helping with product uploads turned out to be an expert scam artist, though not by reputation, of course.
The scam was quite sophisticated, although the concept is not unheard of. The person did not need to hack into the website because the owner of the site, for some reason, gave the freelancer admin rights to the website. This allowed him to place redirects on the shopping cart. Anyone making a purchase, mostly regular buyers who already trusted the website, had no idea they were making a purchase from a fake company via PayPal.
The cart redirected to the fake company and processed the transaction. Then an email would follow a few days later explaining there was a delay with a delivery and that additional goodies had been added to the order. Considering the volume of orders this website was processing, the freelancer got away with over US$15,000.
This is a great example of someone not protecting their business data because of the carelessness involved. This person was hired off an unknown website because the price was right. Then, he was given admin rights. It is a little like leaving your debit card next to an ATM with the PIN number written on it.
Crypto Wallet Emptied
Another example of carelessness was someone using an online IT support team for all of their IT purposes. This is a great way to reduce the costs involved with IT support, but you still have to be careful who you hire. It turns out that this person hired a company that sent an email offering their services. After scouting their website, he decided to hire them.
At first, they did a great job, but it wasn’t until he logged on to check the sudden rise in BTC that he realised that the BTC wallet had been emptied. When he asked the crypto wallet what had happened, they said that the login was from his IP address and that two-factor email confirmation had been used.
What happened was he stored his passwords in an Excel spreadsheet. He also regularly had his email open on his desktop. Whoever was responsible was obviously from the IT team. They had access to his personal files, found the list of passwords, and tried all of them on the crypto wallet. It must have taken a little time to achieve this because they would have entered two wrong passwords per day, stopped for 24 hours, then tried the next two.
Eventually, when it was successful, he or she had access to the email to delete the message, which had been set up in the email to go to spam, unbeknown to the crypto wallet owner. The PIN was entered, and the BTC was transferred to a BTC address whose owner no one knows. This mistake cost over US$60,000.
Accountancy Firm Defrauded
This accountancy firm did not have a staff policy when it came to using the internet outside of the office. What appears to have happened is that a hacker gained access to the main server and managed to encrypt all the data. They then said that they managed to gain access through one of the staff laptops and that the company should forward payment to a public key, which was a cryptocurrency address.
Luckily for the firm, their IT team was quick to react. They took the server down, changed all security credentials company-wide, and restored the server from backups. They had an excellent disaster recovery plan already in place despite being a small firm with just 10 employees. They then implemented a policy for all staff to use software recommended by migliori VPN for any future connections to the internet that were not in the office.