What small businesses can learn from the recent Twitter hack

The social media world was rocked recently when high-profile Twitter accounts were apparently hacked, tweeting out requests for Bitcoin with offers to double the amount sent. Twitter blocked all verified accounts for several hours while they tried to determine the source of the problem. 

Even if you’re not Elon Musk or Jeff Bezos, who were both affected by the Twitter breach, this type of activity is alarming. Here’s what small business owners should know about this attack and how it can affect your business.

What is social engineering?

Twitter announced that the attack appeared to be a kind of ‘social engineering,’ or a way that hackers use technology to get people to give them information or money. In this case, tweets were sent that looked as though they came from verified accounts of high-profile users like Musk, Bezos, Joe Biden, Kim Kardashian, and more. The tweets indicated that these celebrities would ‘reward’ their followers by sending $2,000 worth of Bitcoin to everyone who first sent $1,000 of the cryptocurrency to them. 

As incredible as it seems, the thieves reportedly collected about $100,000 before Twitter caught on to the scheme, according to the BBC. 

Social engineering can take other forms, too. Sometimes a hacker will create an email address that looks similar to that of a company executive, and then send an email to the accounting department requesting an urgent wire transfer. An employee who gets such an email may send the funds because they’re eager to comply with the boss’s request. By the time they figure out that the request didn’t come from the boss, and there was no urgent issue, the funds are long gone. 

How can businesses protect themselves from social engineering?

Hackers are getting more sophisticated and targeted all the time, according to the Hiscox Cyber Readiness Report 2020. The report, which surveyed over 1,000 IT professionals in the US who are responsible for their company’s cyber security, found that the cost of the average cyber incident has increased to $50,000, even as the number of incidents has declined. 

Protecting your company from a social engineering or other cyber incident requires a three-step approach.

1. Prevent an attack by creating a ‘human firewall’ of educated, aware employees. Train your staff on how to recognize a suspicious email, the importance of strong passwords, and other cyber best practices. 
2. Detect an attack early to minimize the damage. Have a plan in place for addressing a data breach or ransom demand and make sure everyone knows their part. Act quickly and decisively, even if it means shutting your system down for a period of time. 
3. Mitigate the negative effects of a cyber incident. Hiscox’s cyber security insurance can not only cover the costs associated with data recovery and notification, it includes breach response services for expert assistance in the days and weeks after an incident. 

The recent Twitter breach was breathtaking in its scope and brazenness. It may have been the first of its kind, but it’s not likely to be the last. Every business should take steps to protect itself. 

Learn more about Hiscox cyber insurance.