Macpreneur

Exposed! The Silent Threat That Could Cripple Your Solopreneur Business

Damien Schreurs Season 5 Episode 103

Share episode

Send me a Text Message

In this episode, you'll learn why securing your online accounts is crucial for your solopreneur business. 

We discuss the three pillars of digital security, internal and external security threats, motivations behind cyberattacks, and ways hackers can monetize compromised accounts. 

You'll discover real-life examples, including how a friend was scammed out of $24,000.

Show notes available at https://macpreneur.com/episode103

Highlights

  • 00:00 The Importance of Securing Online Accounts
  • 00:44 Introduction to Macpreneur Podcast
  • 01:38 Understanding Cyber Threats
  • 02:52 Components of Digital Security
  • 06:07 Motivations Behind Cyber Attacks
  • 08:29 How Hackers Make Money
  • 11:34 Scams Without Account Compromise
  • 14:16 Conclusion and Recap


🎤 Want to be a guest on the show? Fill the application form available at https://macpreneur.com/apply

Want to get personalized time-saving tips to be more efficient on your Mac?

Answer a few questions about how you're currently dealing with unnecessary clicks, repetitive typing and file clutter. It's FREE and takes less than 2 minutes!
https://macpreneur.com/tips

Follow me:

Exposed! The Silent Threat That Could Cripple Your Solopreneur Business


The Importance of Securing Online Accounts

Imagine waking up one morning to find one of your online accounts hacked and your solopreneur business paralyzed. 

Scary, right? 

Today, we're diving deep into why securing your online accounts is just as important as securing your Apple devices. 

Stick around until the end because I'll share a real-life story of how a fellow solopreneur got scammed and lost nearly $24,000. 

I'll unpack all of this after the intro.


Introduction to Macpreneur Podcast

Hello. Hello, and welcome to episode 103 of the Macpreneur Podcast. 

Whether it's your first time or you're a long-time listener, I appreciate that you carve out some time in your busy solopreneur schedule. 

I've created Macpreneur to help as many solopreneurs as possible save time and money running their businesses on their Macs.

Now, in order to give you the most relevant Mac productivity tips and information, I need to know how well you're currently dealing with the three killers of Mac productivity, namely unnecessary clicks, repetitive typing, and file clutter.

For that, just visit macpreneur.com/tips and answer a few questions, which will take you less than two minutes.

After submitting your answers, you will receive personalized, time-saving tips based on your results. 

Once again, visit macpreneur.com/tips and start boosting your efficiency today.


Understanding Cyber Threats

Securing our Mac, iPhone, and iPad is only half the battle against cyber threats. The other half is keeping our online accounts secure too.

Think about it, your finance, marketing, and operations accounts, all crucial to your solopreneur business, are at risk.

Now we covered ways to streamline all those processes during Season 4, and if you missed it, I recommend visiting macpreneur.com/season4, where you will find all the episodes in reverse chronological order.

Now, Season 5, this season, is dedicated to helping you protect your devices and processes from cyber threats, and it all starts with awareness.

Now, I've split this episode into three parts.

First, I'll do a quick recap of Episode 97, which covered why solopreneurs need to be proactive about digital security.

Then, I will explain the six main motivations of hackers.

And finally, I will expand on the different ways that they make money by compromising the online accounts of solopreneurs like you and me.


Components of Digital Security

Okay, let's start by reminding ourselves why it's important for solopreneurs to be proactive about digital security.

Security has three components: confidentiality, integrity, and availability. Confidentiality means ensuring that only authorized people have access to our business data. Integrity means making sure that our business data is accurate and untampered with. And availability means ensuring that business data and IT systems are accessible at all times.

At a high level, there are two possible sources of security incidents: internal and external.

Internal incidents might involve mistakes by you, external contractors, or a bug at the operating system level or at a software level.

External attacks are from cybercriminals trying to directly access your data, whether on your Apple devices or online.

And when I talk about cyber attacks, most of the time I get the following statement, "But Damien, I'm nobody, or My business is too small, so why should I care?"

The thing is, there are two types of attacks: opportunistic ones and targeted ones.

And the vast majority of attacks are opportunistic. Now imagine hackers like fishermen who would launch millions of baits in the sea. If a fish happens to pass by and get lured into eating the bait, it gets caught. Statistically speaking, there will always be a fraction of people who get caught.

The payoff is always worth the effort, and in this scenario, they don't really care who gets caught, so anyone vulnerable could be their victim.

Targeted attacks, on the other hand, are much rarer and the risks for solopreneurs are relatively low. However, it is not entirely zero, especially when you offend people online, even inadvertently, or when a competitor gets jealous of your success, for instance.

So, apart from mitigating the risk of getting hacked, why should you be proactive when it comes to digital security?

Well, for that, it's important to understand the consequences of security incidents, which can be direct and indirect.

The direct consequences include lost time, unexpected expenses, and lost revenue while dealing with the incident.

And indirect consequences, like reputation damage, could be even more harmful and long-lasting. For example, imagine a scenario where your client's data gets hacked. Not only will you need to spend time and money fixing the breach, but your clients might lose trust in you, affecting your business relationships and future opportunities.

You can go deeper on this topic, especially basic prevention and contingency techniques, by checking out episode 97.

If you missed that episode, you can check it out by visiting macpreneur.com/episode97.


Motivations Behind Cyber Attacks

The next question is, why would anyone try to attack you? And based on my research, there are six main motivations.

The first and most prevalent motivation is money. Between 60 and 75 percent of cyberattacks are launched for that reason alone.

Which is why I will expand later on the different ways that an attacker can make money by compromising your online accounts.

The second motivation is revenge, which could originate from a disgruntled customer, ex-business partner, or even a competitor.

The third reason is simply to spy on you with the aim of gaining some intelligence on your business model, your solopreneur processes, proprietary frameworks or solutions, as well as customer information.

The fourth motivation is hacktivism, spelled H-A-C-K-T-I-V-I-S-M, which is the use of hacking techniques to promote social or political ideologies. Maybe someone didn't like a social media post or comment of yours, or they disagree with the way you do business or the suppliers that you use.

Regardless, it's enough for them to want to disrupt your solopreneur business.

Reason number five is getting caught in the middle of cyber warfare, which is sadly the case as a result of the conflict currently going on between Ukraine and Russia, as well as in Israel. Regardless of the camp you're in, operating an online business from a war zone faces many challenges. Some of them are the result of attacks on the communications infrastructure.

The sixth and final main motivation is simply for the fun of it. Some people unfortunately get bored very easily. And one of the things that makes them come alive is the challenge of finding a way to break in.

Now, these motivations are not mutually exclusive. In other words, an attacker might be motivated by political reasons and then start by spying on you to better understand how you operate and what your online weaknesses are, and then they might realize that they could make some money as well.


How Hackers Make Money

And speaking of making money, let's have a look at the different ways that attackers can achieve that by compromising one or more of your online accounts.

One way would be to go directly to the source by siphoning your business bank account or maxing out your business credit card limit. How? By compromising your e-banking credentials. This is not an easy feat, since most banks now have implemented strong multi-factor authentication systems. However, the risk is not zero.

Another way would be to take over your online payment processor of choice, like Stripe or PayPal, and then change the payout destination.

If you have an online store on Shopify, Etsy, Gumroad, and the like, chances are that you've configured an online payment processor. So, by changing it to theirs, any sale made on your store would get credited to them until the situation gets resolved.

If you run ads using Meta Business Suite or the Google Ads Platform, you have configured a way to pay for those ads, most probably via your business credit card. About two months ago, a client of mine got scammed and lost control of one of its Facebook pages. In a couple of hours, the attacker maxed out my client's credit card by running ads for themselves.

And the worst thing is that my client never managed to speak with anyone at Facebook and still to this day has not recovered access to his business Facebook page.

Next, if someone manages to break into your social media accounts, they can start promoting scammy products or services to your followers, either publicly or via DMs.

And by impersonating you, attackers can also induce your family and friends to send them money, pretexting a random urgent issue that you might have.

And whether it's your business email account or the email marketing service you use, getting it compromised allows an attacker to send emails with links to a lookalike website or an online store.

Another way they can make money is by reselling your contacts' information on the dark web or by asking you for a ransom.

And talking about ransom, the same thing applies if an attacker manages to take over the cloud storage account you use for your business, whether it's Dropbox, Google Drive, OneDrive, or any other.

In the past, paying the ransom was done in exchange for the decryption key, but there is no reason to pay if you have got an offsite backup. Nowadays, attackers blackmail their victims by saying that if they don't pay the ransom, the stolen data will be leaked publicly.

This list is far from being exhaustive; however, as solopreneurs, I feel those are the ones that we need to be mostly aware of.


Scams Without Account Compromise

Before concluding this episode, there's one more thing I'd like to mention. Some scams don't require our online accounts to be compromised, and I will go over three situations, including a real-life example.

First, they could ask you for a ransom after launching a DDoS attack on your website or online store.

So, DDoS stands for Distributed Denial of Service, and it consists of sending thousands of concurrent connection attempts, which chokes the server, making your website inaccessible to legitimate visitors. This kind of attack can be easily purchased on the dark web and can last from a few hours to a few days.

Another way they can make money would be to hack one of your suppliers, especially their email system. Their next step would be to send you an email telling you that their bank account has changed. And the next time you pay an invoice by bank transfer, the attacker will get the money, not your actual supplier.

And finally, some scams revolve around elaborate subcontracting schemes. This could happen if you rely heavily on other freelancers to serve your clients.

A friend of mine, the owner of a translation services agency, lost around $24,000 that way a few weeks ago.

First, she got contacted by what appeared to be a legitimate university requesting the translation of hundreds of documents. 

Then, as if by chance, she received a DM on social media from a freelance translator who happened to be fluent in one of the languages requested by that university. 

She sent a contract to the university, who then started sending documents to be translated. 

The university sent positive feedback about the "work" done by the freelancer, who consequently started sending invoices. 

The mistake that my friend made was to pay the freelancer before getting paid by the university, which turned out to have never asked for translation work. 

Someone impersonated a person at that university, and my friend never got paid. 

And when she realized it was a scam, she had already sent around $24,000 to the freelance translator, putting her business in a dire financial situation.


Conclusion and Recap

So, to recap, the episode started by reminding why it's important for solopreneurs to be proactive about digital security.

Then, we covered the main motivations of hackers and 7 ways that they can make money by compromising our online accounts.

Finally, I went through three scams that don't require our online accounts to be hacked and that every solopreneur should be aware of.

If you enjoyed this episode, please share it with a fellow solopreneur and DM me on Instagram. My handle is @macpreneurfm.

So that's it for today.

In the next episode, I will discuss the different attack vectors by which our online accounts could be compromised and what to do to defend ourselves.

So, make sure to subscribe or follow this podcast to get it automatically next week.

And until next time, I'm Damien Schreurs, wishing you a great day.

Thank you for listening to the Macpreneur Podcast. If you've enjoyed the show, please leave a review and share it with a friend right now.