Not everyone has lost money during the pandemic. On July 16, 2020, social media platform Twitter was hacked through an intricate social engineering scheme. The ill-fated security breach resulted in the cyber-terrorists getting away with $120,000 in bitcoin.
How Did This Happen?
The culprits used a technique called spear phishing: a targeted scam, typically delivered by email, that tricks a specific recipient into handing over data or installing malware on their computer.
In a multi-step process that ultimately gave them access to over 130 Twitter accounts, the hackers ran a mobile spear-phishing campaign against unsuspecting employees and manipulated them into revealing details about specific internal company tools. With those details in hand, the attackers targeted the employees who were authorised to use the account support tools and obtained their credentials. Caught off guard, those employees had their access abused: account email addresses were changed and passwords reset while the hackers turned off two-factor authentication.
This gave the attackers control of multiple high-profile accounts, including those of Joe Biden, Barack Obama, Apple, Uber, Elon Musk, and Bill Gates. With the passwords reset, tweets went out urging followers to donate bitcoin to "help the community" and receive double the amount back. Donors paid through a link in the tweets, netting the hackers a quick $120k.
Although the amount these crooks took was minimal, it is frightening to think about the global devastation it could have created. The social media giant is known for its influence, whether local, state, or worldwide. Many influential leaders announce policy, trade determinations, opinions, or attempts to gain support through Twitter. Thinking in these terms, it is easy to see how a breach of this calibre could have been even more disastrous than it already was.
Learning From This Experience
The Twitter hack should be a lesson for all of us in several different ways. Private and public companies and government organisations are all open territories for these types of crimes. Globally, hacking can wreak havoc on entire countries.
As a business owner, it is wise to prepare to protect your company from such fraudulent, destructive plots. There are some tried and true methods as well as evolving technology to help you do so.
- First and foremost, remember that the hackers of the world are a step ahead of everyone else. Continuous compliance and learning are a vital part of protecting data.
- Sensitive information should only be available to screened, trusted employees, with two-factor authentication required as a minimum. Background checks are essential for staff in these roles.
- Consistently review company tools, processes, and internal procedures for efficacy and security.
- Employee error is often the cause of data breaches. Your staff should be trained on the various types of cyber threats, including phishing, SIM swapping, social engineering, and the myriad of other electronic means used to coerce an employee into divulging private information. Training should also stress the consequences of falling for such attacks.
- Zero Trust is a policy that dictates that no employee should have access to information outside the realm of their particular job. IT can enforce this with an access-control system that grants only the access each role needs. With access monitored, it is highly unlikely that an employee would feel comfortable doing anything underhanded.
- Stay up to date on malware, ransomware, and leakware, other ways hackers damage and disable an organisation's computer systems. The attacker either encrypts files or threatens to release sensitive information unless a ransom is paid. The ransom is generally demanded in the form of untraceable bitcoin.
- Fraud analytics help catch unusual requests or unusual timing. It is now apparent that keeping a dedicated IT person, department, or contractor is no longer optional for most companies.
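As an added example (not code from the original post), here is the kind of fraud-analytics check a defender could run over account-support-tool audit logs to flag the pattern described above: one operator performing email changes, 2FA removal and password resets on many distinct accounts within minutes. The log format, operator names and account handles are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log from a hypothetical account-support tool.
# One line per action: timestamp, operator, action, target account.
SAMPLE_LOG = """\
2020-07-15T20:01:05Z op=alice action=view_account target=@smallbiz
2020-07-15T20:03:11Z op=bob action=change_email target=@vip_one
2020-07-15T20:03:40Z op=bob action=disable_2fa target=@vip_one
2020-07-15T20:04:02Z op=bob action=reset_password target=@vip_one
2020-07-15T20:06:15Z op=bob action=change_email target=@vip_two
2020-07-15T20:06:33Z op=bob action=disable_2fa target=@vip_two
2020-07-15T20:06:50Z op=bob action=reset_password target=@vip_two
2020-07-15T20:09:20Z op=bob action=change_email target=@vip_three
2020-07-15T20:09:41Z op=bob action=disable_2fa target=@vip_three
2020-07-15T21:30:00Z op=alice action=reset_password target=@user42
"""

# Actions that can hand an account to someone else; ordinary lookups are ignored.
SENSITIVE = {"change_email", "disable_2fa", "reset_password"}


def parse_line(line):
    """Turn one 'ts key=value ...' log line into a dict with a datetime 'ts'."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), **kv}


def find_takeover_bursts(log_text, window=timedelta(minutes=10), min_accounts=3):
    """Return {operator: sorted accounts} for every operator who performed
    sensitive actions on at least `min_accounts` distinct accounts inside any
    `window`-long span. Normal helpdesk work is one-off; a burst across many
    accounts by a single operator is what an abused support tool looks like."""
    recent = defaultdict(deque)  # operator -> deque of (timestamp, target)
    alerts = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev["action"] not in SENSITIVE:
            continue
        q = recent[ev["op"]]
        q.append((ev["ts"], ev["target"]))
        while q and ev["ts"] - q[0][0] > window:  # drop events older than the window
            q.popleft()
        accounts = {target for _, target in q}
        if len(accounts) >= min_accounts:
            alerts[ev["op"]] = sorted(accounts)
    return alerts


if __name__ == "__main__":
    for operator, accounts in find_takeover_bursts(SAMPLE_LOG).items():
        print(f"ALERT: {operator} touched {len(accounts)} accounts: {accounts}")
```

In the sample, `bob` trips the rule while `alice`'s single reset does not; tune the window and account threshold to your own helpdesk's normal volume.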
What is GDPR?
The General Data Protection Regulation, or GDPR, is a data protection law covering citizens, residents, and visitors of the European Union. U.S. companies that deal with Europe are also required to meet GDPR compliance regulations, and there are steep fines for non-compliance.
For some time, Europe has been much more stringent than the U.S. over the use of personal data, hence this legislation. GDPR covers personal data in the following categories:
- Name, address, ID numbers
- Web location, IP address, cookies, and RFID tags
- Biometric information
- Health and genetics
- Political opinions
- Racial or ethnic origin
- Sexual orientation data
Vendors you source must also comply with GDPR. Any non-compliance from a vendor will directly impact you as a business owner and will result in fines.
This means that businesses have to be more vigilant than ever over what data they collect, how they store it, and who has access to it. Businesses that don’t adhere to GDPR requirements face steep fines that start at €20M.
Guarantee Your Company’s Site is GDPR Compliant
Luckily, we can help. iCaaS offers state-of-the-art GDPR compliance software that ensures your business is GDPR compliant in as little as 48 hours. Getting on board with GDPR isn't just about compliance, it's about using data to gain a competitive advantage in your marketplace. It's about commercial growth. It's about winning the next sale.
iCaaS software makes it easy, quick, simple and takes the burden out of your hands. Shortcut the pain, avoid the jargon, and get ahead of the rest.