Print

How to Survive Hacking, Spoofing, Phishing, and Other Dangerous Online Threats

| December 29, 2016 | Regulations & Security

Every month brings a new report of a massive data breach at a major company (or political party), but don’t let those stories fool you. Small businesses are also targets of attacks for hackers, spoofers and other online criminals too. In fact, there’s been a spike in cyber attacks on small and medium sized enterprises, as they are softer—and often easier—targets.

It’s important to understand the threat as well as be aware of some of the common cybercriminal tactics, so that you can take appropriate action.

Hacking

Hacking exploits the weakness in a computer system or network and breaches its defenses. To protect your business from hackers, make sure that you always:

  • install the latest security updates for all of your software;
  • encrypt your data;
  • install malware protection software;
  • consistently back up your files;
  • and secure your hardware.

If you suspect that your data has been compromised despite taking these measures, change your passwords and other authentication data immediately. If your customer’s accounts seem to be have been affected, do what Zappos.com did when it had a security breach: immediately reset every customer’s password, thereby forcing customers to create a new one.

Spoofing

Spoofing is a form of deceit. In cybersecurity, there are several kinds of spoofing; the most common one is email spoofing. Here, the cybercriminal sends an email that misleads the inattentive recipient into believing that it is from a reliable source. The recipients might be persuaded to click on a link that installs malware on their computer, or asked to provide sensitive data such as a credit card number. The best way to avoid becoming a victim of email spoofing, is to make sure your anti-malware is current and to simply never share private or financial information through email – contact the sender directly to confirm his or her identity and intent.

Phishing

Phishing takes users to an inauthentic web destination that masquerades as a reputed website. Here, you are asked for your password, credit card number, PIN, account number, or other sensitive information.

The famous hacking of Sony was most likely a result of phishing arising from spoofed emails sent to system engineers and network administrators. Some of these emails managed to get the recipients to enter their Apple IDs and passwords.

While many business owners believe that they exercise the required diligence to avoid being victims of phishing, cybercriminals are getting better at their jobs too. In 2014, hackers devised an exceptionally mischievous scheme that succeeded in securing users’ login credentials by directing them to a page that looked like a Google login, including a URL that began with “https,” which offered a false sense of security.

Hacking, spoofing, and phishing are just the tip of the iceberg when it comes to cybersecurity breaches. Your business could be the target of several other kinds of malicious activity, which include:

  • Distributed Denial of Service (DDoS): A DDoS attack is one in which a group of cybercriminals pulls down your computer network or website by flooding it with a large number of requests. This shuts down your computer system. Installing firewalls can prevent DDoS attacks.
  • Ransomware: This malware restricts access to certain files on your system or downloads “incriminating” files on your system and prevents you from deleting them, unless you pay a ransom. To reduce the risk of a ransomware attack, make sure you have effective and updated anti-malware software.
  • Botnets: There are cybercriminals that would like to control your computer system so they can send out spoofed emails, mine cryptocurrency using your computer resources, or for many other nefarious activities of their choosing. They could even use your computer as part of a network of infected computers to unleash a DDoS attack. Anti-malware software and resource-monitoring software can detect bots on your computer system.
  • Wi-Fi Eavesdropping: If you haven’t secured your Wi-fi connection, then it is possible that someone is eavesdropping on your data exchange with the intention of stealing sensitive information. Set up tight control procedures and only allow Wi-fi access to verified devices to avoid eavesdropping.

Action Plan

  • In matters related to cybersecurity, you need to be constantly alert. Be on the lookout for suspicious activity, links, and emails.
  • Your business is only as strong as its weakest link. Make sure that all of your team members play a role in your online security.
  • A lot of cybercrime targets online payments. Make sure your business is ready for payment security innovations.
  • Establish alerts and limits to monitor and control your credit card spending. A good program for that is MasterCard In Control.
  • Never ever install new hardware into your USB port without knowing what it actually does. A recent invention, the PoisonTap, can completely hijack the Internet access of a computer if it is inserted into its USB port.
  • Make security an unavoidable step in the way you run your business and offer your services.
  • Develop a strategy to create and memorize great passwords.

Cyber security issues are certainly discouraging and of concern to the small business owner. But if you take the precautions described above, you will significantly lower the likelihood that you will fall victim to cybercrime.

Ajeet Khurana
Ajeet Khurana
Ajeet Khurana wears many hats: author, angel investor, mentor, TEDx speaker, steering committee of the NASSCOM Start-Up Warehouse, Director of Founder Institute, Venture Partner with the seed initiative of a top Venture Capital firm, and former CEO of IIT Bombay’s business incubator, among others. Before all this, he was entrepreneurial twice in the field of education and web publishing. As a lecturer at the University of Texas at Austin, he taught e-commerce back in 1993, when the term "e-commerce" had not yet been coined. An undergrad in computer engineering from the University of Mumbai, and an MBA from the University of Texas, Ajeet is presently an active name in the startup ecosystem. From starting two ventures as a solopreneur, to helping a large number of startups with their go-to-market, he has never shied from getting his hands dirty. At the same time he has helped dozens of startups raise investment. He truly believes that small business owners are driving change in the world, and need to be facilitated as much as possible. Innumerable small businesses have gained from his attitude, vast professional networks, financial acumen and digital mindset.

See all posts by Ajeet Khurana
  • All views expressed on the published articles at https://www.mastercardbiz.com are those of each of the authors, and do not in any way represent the opinions of Mastercard International Incorporated or any of its affiliates (“Mastercard”). Mastercard is not responsible of the information contained in these articles.