October 10, 2022
We have all seen an email from our rich “relative” in a foreign country who left us their estate; if only we would send some money. Although you can laugh, everyday hackers are becoming more sophisticated with their attacks. Internet hoaxes can be tricky to spot because they appear to come from a trusted source—perhaps your friend, an unrelated website, a famous person, or another trusted source. The hoax could be an urgent email to verify your organization’s information containing a malicious link. Or maybe a fake news story that includes a URL to read the story. Again, the hacker’s goal is to make your employees click on that link and spread a virus. Internet hoaxes clog networks, slow down internet and email services, and can be part of a distributed denial of service (DDoS) attack.
Fake news and disinformation are other forms of internet hoaxes. Per Gartner, “disinformation costs the global economy $78 billion annually”. Too many businesses, especially those in the small and mid-size range, assume they are not a risk from the problems of disinformation and fake news. Your product is too dull or the operation too small to attract the attention of bad actors. Unfortunately, this is no longer true. Commoditized machine learning, natural language processing, open-source chatbot frameworks, and on-demand amplification networks have put information warfare within reach of anyone with a grudge or profit motive. Negative reviews or articles can cause a loss of business. It doesn’t matter if these articles are legitimate or manufactured disinformation.
continuous education and training of your employees to recognize a hoax is the best defense. Be careful about the information you and they share on the internet. Scaring them into action is a common practice that can be costly. Always have a system to double-check information before sending wire transfers, financial data, or personal information. Ensure your employees know the common email phishing telltale signs (double check the URL, links requiring action now, or attachments from an unfamiliar source).
Make sure your employees know when to contact your IT department. They may want to review virus alert messages from questionable sources. Evaluate potential threats and block bogus claims at the mail server.
most organizations do not have a plan to address disinformation. Developing a plan can help you execute quickly if you find disinformation impacting your business. In addition, social media monitoring services and solutions are available to monitor the internet for content and mentions of your organization; however, these may be cost-prohibitive.
If you find disinformation, you can begin an in-house campaign with your employees, business partners, and even customers. Share a friendly note (or a thousand customers) to set the story straight about a disinformation occurrence; this will naturally and legitimately set up the response to be shared. Augment with paid amplification to boost social media posts for the short term. Sponsored and placed posts like these are labeled as such and linked to authoritative information about your company. It has the added benefit of boosting the authority and reputation of your content as a definitive source of information regarding your organization. Establishing relationships with influencers and providing them with authoritative, factual information is one of the most effective means of amplifying your message.
Hackers are out to ruin your company and reputation. Regularly assessing your information security programs, employee communication, processes, and controls can help alleviate the risk. To evaluate your current security environment or find out more ways to increase your cybersecurity, contact one of our security experts.