It might start with an email alert: suspicious activity has been detected on your account. No big deal, you’ll log in and check to make sure all is well. Except you can’t log in. The security measures you had implemented (your password was complex! You employed two-factor authentication requiring a code sent via text to your phone!) didn’t cut it. Someone else now has control of your account, and you’ve lost access to all of it.
If you’ve experienced a hack, you’re already familiar with how invasive it feels and how devastating it can be to you and your business, particularly if you don’t have a solid recovery plan in place and an adept IT team to manage it.
If you haven’t yet had the pleasure, getting hacked feels like a stranger came into your house while you were out, changed the locks, and took possession of everything you own. It feels that way because they essentially did — we have robust lives online nowadays. Our personal goings-on, vital business data, and financial information are largely digital. Heck, even our family photo albums likely reside online.
The Current State of Cybercrime
When your account is hacked, there is a good chance you’re completely locked out of it. In ransomware cases, the attackers might even extort you for money just to get your data decrypted. While that’s frustrating beyond measure, at least there’s a modicum of hope you’ll get your account access or information back; for most hacks, that’s not the case.
And while the news reports on the data breaches of big corporations — like the 700 million LinkedIn users whose data was posted for sale on the dark web earlier this year — breaches happen to businesses of every size. This year, it’s estimated that businesses fall victim to ransomware every 11 seconds. Every 11 seconds!
Rates are increasing, too. Since COVID-19, the US FBI has reported a 300% increase in reported cybercrimes. Cybercrime is big business (no joke, by 2025, cybercrime will be more profitable than the global trade of all major illegal drugs combined), and it affects all businesses. 43% of cyber attacks are actually on small businesses.
Hackers target individuals, too. A lot. There is a cyber attack on individuals every 39 seconds!
Once You’re Hacked, Can You Ever Get It Back?
Consider all the personal accounts you have online: social media, banking, email — not to mention the plethora of sites on which you shop, book appointments, design T-shirts, register for events, or order freshly baked cookies delivered to your door.
Of course, those companies must have impeccable data security, right? Not necessarily.
Even super-big ones like Facebook, which have billions of users and manage a tremendous amount of user data, are susceptible to hackers (even more so because they hold so much user information, making them prime targets).
But those big companies must have top-notch user support to help me regain access to my account, right? NOPE.
In early July, one of our team members had her personal Facebook account hacked. Since we all use Facebook for business, too, our IT team stepped in quickly to make sure the hacker could not gain access to anything Uprise-related. But her hacking journey was far from over (spoiler alert: it still isn’t).
While she had a complex, unique password AND two-factor authentication, the hacker still got in. She had used 2FA by text message, which is the least secure method. Hackers can easily exploit weaknesses in the phone networks to steal SMS two-factor codes.
Facebook did send her an email letting her know there was suspicious activity on her account — a login from a new IP, a new geographic location, and a never-before-used device. “Is this you?” Facebook asked. But they didn’t wait for her reply; Facebook let them in. Despite initially recognizing that the hacker likely wasn’t her, Facebook reversed course. Now the hacker was the true account owner, and she was locked out. The hacker re-established 2FA, but this time with a code generator sent to their phone. She could enter her username and password, which still worked, but was stopped in her tracks when prompted to enter the code, which was sent to a phone she didn’t have access to.
Facebook purports to have methods to reclaim your account, but they don’t work. You can report you’ve been hacked and be led through a short “here’s what to do,” which soon culminates with a prompt to log in. But if you can’t log in, how do you log in? That’s the problem.
Want to submit a helpdesk ticket? You need to log in to do that. Want to start a chat with a human to help? You need to log in to do that.
You can ask a friend to start a help chat for you, but Facebook won’t discuss another user’s account. You might even get a helpdesk email address and connect with someone, but guess what they’ll tell you to do? They’ll send you right back to the www.facebook.com/hacked page, which you’ve already tried multiple times.
There’s another option to prove your identity and maybe reclaim your account: You can give Facebook access to your webcam and take a photo of your driver’s license or passport. I don’t even want to get started on the monster of a data privacy issue this is, but for a user who’s desperate to get her account back, it was worth a try. About 40 tries (and counting), in fact, over the course of months (and counting). Her photo gets automatically rejected within seconds every time.
This isn’t a novel case, either. How many people do you know who’ve had their Facebook accounts hacked? (I know a bunch.) Did any of them get their account back? (I know not one.)
How Protected Is Your Business?
In the larger world of digital data, the hacking of a personal Facebook account might seem like small potatoes. Still, it’s the perfect real-world, relatable example of what happens to people and businesses every day.
Maybe you lose a decade’s worth of photos and messages. Maybe you lose all your customer info or a vital database. Maybe a whole lot of money is intercepted in wire transfers and rerouted to another bank.
With advance planning, up-to-date security, regular backups, and IT pros on your side, your risk is dramatically reduced. In the absence of those, you’ll be hard-pressed to regain access to your account or get your valuable data back in the event of a hack. And that’s a reality you don’t want to encounter AFTER it’s happened.
But the truth is, most businesses don’t know if they’re prepared for a cyber attack and don’t have a formal cyber attack response plan.
A wise first step is to be vigilant for phishing scams, which account for 90% of cybersecurity breaches. Read our blog: “Tips to Spot and Avoid Phishing Attacks” for pointers. But that’s just the start.
Kicking the data-security can down the road only prolongs your company’s exposure, and while day-to-day operations take precedence in our minds, one breach could bring your day-to-day to a painfully screeching halt, or worse, crumble the entire foundation of your company, which you may never be able to rebuild.
If you have questions or would like to talk about your company’s security, reach out to us.
Global Ransomware Damage Costs Predicted To Reach $20 Billion (USD) By 2021
Cybersecurity 101: Two-factor authentication can save you from hackers
COVID-19 News: FBI Reports 300% Increase in Reported Cybercrimes
Hackers Attack Every 39 Seconds
Massive data leak exposes 700 million LinkedIn users’ information
Cybercrime To Cost The World $10.5 Trillion Annually By 2025
Phishing Still Drives 90% of Cybersecurity Breaches