Imagine waking up to find your Facebook account hacked, with cybercriminals having spent over $250,000 on ads for an online gambling site, all in just one weekend. Shockingly, the responsibility for the losses doesn’t fall on Facebook, the bank, or the credit card company. The CEO of a highly successful marketing firm had to bear the full brunt of this financial hit, as they lacked the necessary cybercrime or fraud insurance to cover such incidents. Facebook’s stance was that no fraud had occurred since the hackers used valid login credentials, emphasizing that it’s your responsibility to safeguard your personal information.
In addition to the financial blow, the firm had to rebuild from scratch a hard-earned Facebook audience that had originally taken years to build. Ultimately, this ordeal will cost them nearly half a million dollars.
Another company experienced a similar nightmare when they discovered their ads paused on Facebook. What seemed like a glitch at first turned out to be a hack. The perpetrators paused legitimate ads and set up 20 new ads promoting a weight-loss spam site, with a daily budget of $143,000, totaling $2.8 million. While they didn’t manage to spend the entire amount, the high budget prompted Facebook’s algorithms to run the ads rapidly.
As the company attempted to pause the campaigns, the hackers reactivated them in real time. After a frantic battle, they identified the compromised account and removed it. Unfortunately, Facebook refused to reimburse them for the lost funds, and their account was shut down, erasing all campaigns. Although they mitigated their damages to around $4,000 by acting swiftly, their account couldn’t run ads for two weeks, resulting in lost revenue. Their overall estimated losses ranged from $40,000 to $50,000.
Considering these real-life scenarios (with company names withheld for privacy reasons), some may argue that someone other than the victims should shoulder the responsibility and cover the losses. However, the truth remains straightforward: if you allow your online accounts to be compromised due to weak passwords, password reuse, lack of multifactor authentication (MFA), poor email security, or malware infecting your devices due to inadequate cybersecurity, the responsibility for the breach ultimately rests with you.
Facebook is just one example of the many cloud applications businesses use, and any cloud application, no matter how secure it claims to be, can be breached if valid credentials are compromised. In that case the breach is not a fault of the application’s security but a failure on the user’s part.
The best approach is to prevent hacking in the first place. Here’s what you should do to protect yourself:
- Share this article with your staff to raise awareness about these scams. The overconfidence that “nobody would want to hack me” is cybercriminals’ most significant advantage, so remain cautious.
- Create strong, unique passwords for each application, and use a reliable password management tool to manage them effectively.
- Limit the number of users accessing any account; remove users promptly when access is no longer needed to reduce the risk of a breach.
- Ensure that all devices connecting to your network are secure, as keylogger malware can reside on devices and steal sensitive data and credentials.
To assess and protect your organization’s security from known threats, request a free Cyber Security Risk Assessment at https://ibsre.com/connect-with-ibs/. If you haven’t had an independent third party conduct this audit in the last six months, it’s overdue. This assessment is entirely confidential and comes with no obligation. Small business owners who neglect to “check the locks” on their IT systems are the most vulnerable in a world filled with evolving threats. Claim your complimentary Risk Assessment today to secure your organization effectively.