— October 20, 2017
Vietnam. This is a bloody war, and you are in it. 6 months ago you were living a happy life in Chicago, but now you are creeping slowly and quietly through this jungle hell. As you swallow, you taste the salt in your sweat, spitting it out would make too much noise. Looking down at your gun you tighten your grip, it feels like safety. Then your focus returns to the jungle, you need to see them before they see you. Your ghost-like enemy does not announce its arrival, it makes no sound, it can bring sudden death and you need to be ready.
Then it happens.
It feels like you just got hit by a train from behind and the sound of the grenade reaches your ears a fraction of a second later. As you fall to the ground you quickly realize you are seriously wounded. You can’t feel your legs and important parts of your insides have just been blown out of your body through the fist sized holes in the front of your chest.
Now you’re lying face down, still alive thanks only to the oxygenated blood still in your veins. But you’re losing it fast and there won’t be any more. You only have seconds left.
How and who? Those 2 questions flash into your mind so quickly you can feel them. You are the leader of your patrol, the Captain, 10 soldiers in front of you and 20 protecting your back. You summon the last of your energy to twist around, and there stands your assailant, rifle raised, finger on the trigger, cold eyes full of hate, ready to finish you off. Now confusion and disbelief fill your mind, because you recognise that face, and the uniform, it’s one of your own soldiers. The one you demoted a few days ago.
A flash of light from the barrel of the gun, then darkness.
You just got fragged.
A troubling thought, isn’t it?
You’re deep in the jungle, fighting enemy soldiers and bang! You just got assassinated by one of your own.
But don’t worry, you’re not alone.
The term “fragging“ was used during the Vietnam war to describe incidents when a commanding officer was injured or killed by a disgruntled soldier from their own platoon. The weapon of choice was usually a fragmentation grenade, this type of weapon was preferred as it was impossible to trace and was relatively easy to roll into a tent as the target was sleeping.
And it happened a lot!
In fact, it’s estimated that over 2000 officers were killed or seriously injured by their own soldiers in Vietnam. Some sources claim that the number was much higher. And the attackers were almost never found or brought to justice.
But you may be wondering what “fragging” has to do with running a business in 2017?
And the answer to that is:
Nothing or maybe quite a lot….
The modern way to kill a business
Relax, it’s highly unlikely that an employee or ex-employee will physically attack you, it happens but is extremely rare. When such an incident occurs it is usually carried out by someone with mental health issues and there’s probably not a lot you can do to forecast or prevent it.
But be warned, there is a new type of threat you should be aware of.
The new breed of assassins make no sound, give no warning, and can devastate or even kill your business.
Their only weapon, a keyboard!
They can leak your data, leave fake reviews, damage your reputation and corrupt your system’s.
Most of the time, they do so without leaving a trace.
And worst of all, you may not even realize you have been attacked!
Welcome to the era of the digital assassin.
Big kills v small kills
“Life is short. Have an affair.” Proclaimed AshleyMadison on their website, but they probably had no idea that their own life was going to be so short.
A digital attack by a disgruntled employee or contractor caused 37 million users to have their details leaked online and the company suffered what may yet turn out to be a terminal injury. In addition to losing a large percentage of their users, they have suffered massive damage to their reputation and have recently been ordered to pay out over 11 million dollars in damages to former users of their service. All as a result of a few keystrokes.
But it’s not the occasional attack on a high profile company that should concern you.
It’s the hundreds (or thousands) of attacks that are happening every day to businesses just like yours. The last thing you want is to suffer permanent damage to your brand. In extreme cases, you could even be forced to start another business from scratch. There are plenty of ideas for building an online business that can provide a new source of income, but if you have a standard brick and mortar business, restarting may not be an easy option.
It’s best to avoid the problem completely, which that means that you need to be aware of the risks.
In the case of a disgruntled employee or former employee, there are a number of options available to them for attacking your business:
Steal your secrets: What would your accounts info or new product designs be worth to your competitors?
Delete files: Could your business continue to operate without important files?
Leak user details: What effect would it have on your business if all user data was leaked online?
Data corruption: What would happen if data was deleted or altered on your ecommerce system or CRM?
Fake reviews: What would it do to your reputation and CTR if you received a hundred 1 star ratings overnight?
And the list goes on.
Are you feeling vulnerable?
Maybe you should be.
Most businesses are wide open to possible attacks
In a recent study, Intermedia and Osterman Research discovered some disturbing trends relating to data protection:
- 88 percent of employees retained access to the file sharing services they used on the job.
- 68 percent of current employees store work documents in personal cloud storage apps.
- 49 percent admit logging into their ex-employer’s systems.
- 45 percent of ex-employees can still remotely access “confidential” or “highly confidential” files.
It seems that when it comes to digital security, if a current or former employee wants to attack your business, your guards are asleep and the battle is already lost.
So you must be wondering what you can do to safeguard your business from attack.
And for trusted advice we turn to none other than the FBI, who, due to the surge in digital attacks on businesses, have issued the following guidelines:
- Conduct regular reviews of employee access, and terminate any account that individuals don’t need to perform their daily job responsibilities.
- Terminate all accounts associated with an employee or contractor immediately upon their dismissal.
- Change administrative passwords to servers and networks when you terminate IT personnel.
- Avoid using shared usernames and passwords for remote desktop protocol.
- Avoid using the same login and password for multiple platforms, servers or networks.
- Notify third-party service companies that provide email or customer support when an employee has been terminated.
- Restrict Internet access on corporate computers to cloud storage websites.
- Restrict employees from downloading unauthorized remote login applications on corporate computers.
- Maintain daily backups of all computer networks and servers.
- Ensure Data Integrity by following basic guidelines to reduce data integrity risks.
The message here is to be proactive and focus on prevention. It’s good advice and should be used as a checklist if you want to protect yourself against some of the common attack routes.
But what about attacks that are impossible to prevent?
In the case of fake reviews, there really is no way to prevent them from happening. They can severely affect even large businesses and for smaller businesses they can be devastating. As well as affecting CTR, due to Google using review ratings as a ranking factor for its local business “places pack”, negative reviews can also detrimentally affect the position of a business in the search engine result pages
In addition to the ranking and traffic declines caused by negative reviews, they also have a major impact on shoppers perception of your brand or business. Over 70% of online shoppers admit to trusting reviews as much as they would trust the opinion of a friend. So when your rating falls through the floor and is accompanied by negative reports about your business, your prospective customers will trust you less.
Unfortunately, when it comes to disgruntled current and former employees leaving fake reviews about your business, your only course of action is to react. First, ensure you are aware of what is getting written about your business online. You can then respond to fake reviews in a number of ways:
Respond to reviews promptly: You should draft a professional response to the fake review, make it clear that you do not have a record of any such customer or client, and state that you believe it to be a fake review. (remember that your prospective customers will judge you by how you respond, so be polite.)
Request removal: You can contact Google or Facebook and request that they remove a fake review. This approach can be successful, but can take time and doesn’t protect you against further fake reviews. Best course of action is to persevere with customer services, ensuring that you provide all of the information that they request.
Drown the negative review. If you have not already implemented an automated review generation system, then now is the time to do so. These systems reach out to your customers with a short questionnaire to determine their level of satisfaction with your business. Highly satisfied customers will be politely asked if they would consider leaving a review. When you begin gaining positive reviews, it dilutes the power of the fake reviews and also has the effect of pushing them further down the list.
The important take away here is that you really need to be aware of what is being said about your business online. If you don’t know about it, then you can’t do anything.
A growing number of companies supply reputation management solutions which will notify you whenever your brand or business receives a mention on the web. You are then in a position to respond. Fail to respond to fake reviews and you will almost certainly watch hopelessly as your visitor numbers, rankings and sales decline.
So there we have it. Unhappy employees and former employees no longer need to resort to violence or the use of grenades to enact revenge. It’s a relatively new type of threat and therefore most businesses are unaware and defenseless.
Welcome to the digital jungle. Watch your back.