As a startup, your goal is to generate attention and stand out and apart in a crowded marketplace. The good news is that if you combine a great product with a grate strategy — and throw in some great timing and a dose of great luck while you’re at it — then you’ll succeed in capturing attention within and far beyond your marketplace. The bad news is that some of the people who’ll be very interested in your startup are cyber criminals who want to exploit your success for their benefit.
Here’s why: the notion that cyber criminals exclusively or even primarily target large enterprises is a myth. Yes, it certainly happens (see Target, Sony, Yahoo, VTech, and the list goes on). But the vast majority of cyber crime is carried out against small and mid-sized businesses, including startups — especially because in the early stages, because things are usually so fast-paced (read: chaotic) and high turnover is common. It usually doesn’t take much for cyber criminals to slip under the radar launch a campaign.
While cyber criminals have several nefarious tactics in their playbook, when it comes to targeting startups they lean towards two conventional, yet highly successful attack vectors: setting up counterfeit social media accounts, and setting up phishing social media accounts. Although these may sound like the same thing, they’re quite different — yet both very costly.
Counterfeit social media accounts are remarkably easy and fast to create, and some enterprise-grade cyber criminal operations) can put an account together literally within a matter of hours. As expected, the counterfeit social media accounts look precisely like the real thing, right down to the logo, colors, fonts, and even content.
Customers, who have no idea that they’re not dealing with the legitimate business, place an order directly (if there’s a shopping cart), or they send a message to place an order. The cyber criminals respond promptly, and either steal customer money and data, or in some cases, fulfill the order by shipping out counterfeit goods — simply because they actually make more profit running a shadow company. In other words, for at least a while, many customers won’t know that they’ve been fooled and will buy more stuff, refer family and friends, and so on. It can take months or even years for startups (and other targeted businesses) to realize what’s going on, and take legal steps to shut things down.
Phishing social media accounts also look exactly like the real thing, and are designed to steal data than sell goods. The idea is to get customers to submit personally identifying information, which can be used to commit identity theft (or sometimes traded in the cyber underground). In many cases, cyber criminals will also try and get customers to download documents (e.g. invoices, catalogs, etc.) or click links that install malware to which infect their end point and wreak even more havoc.
Obviously, either of these phony social media account types — let alone both of them — can be devastating for startups, especially since it can thrust them into the headlines for all of the wrong reasons and severely damage their reputation. In some industries and fields, such as financial services and health care, it can also lead to regulatory sanctions and fines, along with lawsuits.
The best — and frankly, the only — way that startups can intelligently deal with this problem is to be proactive and mitigate the risk of being victimized. That means having a robust, strategic and comprehensive web presence management plan, which includes constantly monitoring and reporting on their full social media presence; including — and especially — accounts that they don’t own and operate, but are nevertheless related to their brand directly or indirectly, harmlessly or illicitly.
The bottom line? Startups literally can’t afford to get bogged and held back by fraudulent social media accounts. An attack can permanently derail the business plan, and turn an entrepreneurial dream into a regrettable, costly nightmare. Strong and smart web presence management can’t 100% eliminate the risks. But it certainly gives startups the chance to fight back — and that’s usually enough to send cyber criminals elsewhere in search of easier targets.