What you should know about cybercrime

Glass shards on the floor or your business premises in ruins: the risk that you will experience theft or vandalism is smaller than it used to be. Burglars are increasingly finding their way in online. Small businesses are targeted by cybercriminals as much as larger companies, and suffer the cost. How does cybercrime work exactly? Three tips from a professional hacker to protect your company.

What is cybercrime?

Cybercrime is the collective name for online crime. While physical crime is declining, cybercrime is on the rise (CBS figures, in Dutch). It is expected that cybercrime will hurt about one in five companies. "Not only large companies are victims", says Stan Hegt. He is an ethical hacker, who is hired by companies to break into their computer systems. "When it comes to small businesses, hackers often target a large group at once. Compare it with a shot of hail you’ll always hits something."

Recognise cybercrime

Hackers attack your business in different ways. Often, the goal is to gain access to your login details or other sensitive information. They sell that data, use it to extort you, to impersonate you (business identity fraud, in Dutch), or to withdraw money from your account. To properly protect your company against online criminals, it is important that you recognise the different types of cybercrime. Here are the most common ones:

Deceived by phishing

One of the most common types of cybercrime is phishing: criminals 'fish' for information via email, text messaging or WhatsApp. Take passwords, for example. The sender pretends to be someone else, asks you questions and pressures you to click a link. "Never click on links in messages from strangers and beware of unreliable attachments", advises Hegt. If you do click, the phisher gains access to your system and can install malware without being noticed.

Held hostage by ransomware

Did you click a malicious link or attachment? Then you could be "held hostage" by ransomware. Ransomware is malware that locks your system, network or data. You can no longer use your system or files. Do you want the key? "You only get it in exchange for ransom," says Hegt. Criminals often demand payment in crypto coins such as bitcoins. "Bitcoin is easier to launder, and so the criminals can stay under the radar."

System down due to DDoS attack

Another form of cybercrime is the DDoS attack, or Distributed Denial of Service attack. Criminals send so much data traffic to your server, website or app via a network of computers called a botnet (in Dutch), that visitors can no longer access it. DDoS attacks are also used as a distraction: while you are busy solving the problem, criminals try to steal your data.

Extortion and threat

A criminal can also threaten with cybercrime. That way, they don't have to carry out a major attack to get money from you. For example, in June 2020, the police arrested a 25-year-old man (RTV Utrecht news article, in Dutch) for extorting nine web shops for thousands of euros. First, he carried out a short DDoS attack on an online shop. Next, he threatened bigger attacks and demanded an amount in bitcoin.

Big consequences

All types of cybercrime can lead to a data breach. Criminals get access to sensitive data, perhaps your customers’ details as well. This can have major consequence. Take the accountant whose password was leaked. “Cyber criminals got into an online accounting system. There they adjusted the master data of suppliers. Invoices were then paid directly to cyber criminals instead of the suppliers.”

Prevent cybercrime

You can't stop criminals, but you can make things difficult for them. A company can do a lot to protect itself against cybercrime. With a few simple measures you can already put up so many obstacles that it is less interesting to attack your company. Hegt gives a few tips to make it as difficult as possible for hackers.

  • Tip 1: use two-step verification

    Before a cybercriminal attacks you, he gathers information about you. Think of login details from a previous data breach. Don't make it easy for them. Use unique passwords or a password vault. And use two-step verification. That is an extra access code or your fingerprint, in addition to your password.

  • Tip 2: install the latest updates

    The cybercriminal tries to penetrate your computer systems by finding vulnerabilities. Make this difficult by always installing the latest software updates. These will repair the weak spots in existing software.

  • Tip 3: protect your system and make backups

    Once the cybercriminal is inside your computer, he can lock your system or data. You can then no longer work with it yourself. Make sure you install good antivirus software and always make backups. A backup also makes you less susceptible to extortion.