What is cybercrime?Cybercrime is the collective name for online crime. While physical crime is declining, cybercrime is on the rise (CBS figures, in Dutch). It is expected that cybercrime will hurt about one in five companies. "Not only large companies are victims", says Stan Hegt. He is an ethical hacker, who is hired by companies to break into their computer systems. "When it comes to small businesses, hackers often target a large group at once. Compare it with a shot of hail you’ll always hits something."
Recognise cybercrimeHackers attack your business in different ways. Often, the goal is to gain access to your login details or other sensitive information. They sell that data, use it to extort you, to impersonate you (business identity fraud, in Dutch), or to withdraw money from your account. To properly protect your company against online criminals (in Dutch), it is important that you recognise the different types of cybercrime. Here are the most common ones:
Deceived by phishingOne of the most common types of cybercrime is phishing: criminals 'fish' for information via email, text messaging or WhatsApp. Take passwords, for example. The sender pretends to be someone else, asks you questions and pressures you to click a link. "Never click on links in messages from strangers and beware of unreliable attachments", advises Hegt. If you do click, the phisher gains access to your system and can install malware without being noticed.
Held hostage by ransomwareDid you click a malicious link or attachment? Then you could be "held hostage" by ransomware. Ransomware is malware that locks your system, network or data. You can no longer use your system or files. Do you want the key? "You only get it in exchange for ransom," says Hegt. Criminals often demand payment in crypto coins such as bitcoins. "Bitcoin is easier to launder, and so the criminals can stay under the radar."
Defaced or robbed by defacingDefacing is a kind of digital graffiti. Hackers change your homepage or other pages on your website. Usually they only leave their "logo", sometimes a political or ideological message as well. Criminals also use defacing for theft. This is how it works: a changed page on your website leads visitors to the hackers’ website, without you or the visitor noticing. They can then steal data from your customers or attack their systems.
System down due to DDoS attackAnother form of cybercrime is the DDoS attack (in Dutch), or Distributed Denial of Service attack. Criminals send so much data traffic to your server, website or app via a network of computers called a botnet (in Dutch), that visitors can no longer access it. DDoS attacks are also used as a distraction: while you are busy solving the problem, criminals try to steal your data.
Extortion and threatA criminal can also threaten with cybercrime. That way, they don't have to carry out a major attack to get money from you. For example, in June 2020, the police arrested a 25-year-old man (RTV Utrecht news article, in Dutch) for extorting nine web shops for thousands of euros. First, he carried out a short DDoS attack on an online shop. Next, he threatened bigger attacks and demanded an amount in bitcoin.
Big consequencesAll types of cybercrime can lead to a data breach (in Dutch). Criminals get access to sensitive data, perhaps your customers’ details as well. This can have major consequences, according to Hegt. Take the accountant whose password was leaked. “Cyber criminals got into an online accounting system. There they adjusted the master data of suppliers. Invoices were then paid directly to cyber criminals instead of the suppliers.”
Prevent cybercrimeYou can't stop criminals, but you can make things difficult for them. A company can do a lot to protect itself against cybercrime (in Dutch). With a few simple measures you can already put up so many obstacles that it is less interesting to attack your company. Hegt gives a few tips to make it as difficult as possible for hackers.
Tip 1: use two-step verificationBefore a hacker attacks you, he gathers information about you. Think of login details from a previous data breach. Don't make it easy for them. Use unique passwords or a password vault (in Dutch). And use two-step verification. That is an extra access code or your fingerprint, in addition to your password.
Tip 2: install the latest updatesThe hacker tries to penetrate your computer systems by finding vulnerabilities. Make this difficult by always installing the latest software updates. These will repair the weak spots in existing software.
Tip 3: protect your system and make backupsOnce the hacker is inside your computer, he can lock your system or data. You can then no longer work with it yourself. Make sure you install good antivirus software and always make backups (in Dutch). A backup also makes you less susceptible to extortion.
Want to know how vulnerable your business is for cybercrime? You can find out by doing a cyber scan.