As technology evolves, so does currency. We've gone from paper bills to credit and debit cards to electronic payment platforms (like PayPal and Apple Pay) to cryptocurrencies (like Bitcoin and Ether) in a relatively short amount of time. These cryptocurrencies typically use algorithmically encrypted data links for monetary exchanges.
But much like any other data, cryptocurrencies are not immune to hacking and online theft-a recent incident targeting a South Korean exchange proves that. The lesson? When it comes to dealing with online payments as a business, it pays to adhere to stringent cybersecurity standards and invest in cyber liability insurance coverage.
Let's take a closer look at the recent cryptocurrency hack and what modern businesses can learn from it.
A Cyber Attack on Cryptocurrency
Earlier this month, hackers accessed some Bithumb users' digital currencies and personal information. This South Korean-based exchange was the top exchange for Ethereum and the fourth-largest exchange for Bitcoin at the time of the attack, according to The Hacker News. Not only did some users allegedly lose the equivalent of billions of South Korean Won in cryptocurrencies (a billion Won equals approximately $896,660), but the exchange believes that hackers compromised personal data for over 30,000 customers in the process.
You're likely wondering how this happened. According to Bithumb via Brave New Coin, an employee PC was the conduit for the data breach. After gaining access to it, the intruders leaked users' personal information (like phone numbers and email addresses). As a result, some victims claim that they were targets of a "voice phishing" scam in which they received calls from people posing as Bithumb executives who asked for the One-Time Password (OTP) included in a letter. Giving out such a piece of authentication can give hackers instant access to accounts.
The exchange posted on their blog that they will pay affected clients 100,000 South Korean Won ($86.50) until the extent of the fiscal losses are known, as Cointelegraph reports.
Avoiding Popular Hacking Schemes
You may not be a cryptocurrency exchange, but as a business, you're wondering how you can prevent such a costly data breach. If you use customers' personal or financial information, this should be your top priority.
To help your customers avoid phone-based phishing scams like the one outlined above, let your customers know that you'll never call them and ask for sensitive information; you'll always send an email with a secure link to your protected online portal. To help them avoid email phishing scams, inform your clients not to click on any suspicious links or submit information to third-parties claiming to be affiliated with you.
As the Bithumb example shows, a single device can act as the entry point for an entire hacking scheme. Make sure that your employees are using endpoint security measures like multi-factor authentication, encrypted communications and anti-malware software. Your company should also have a policy for lost devices; a misplaced device could present a huge problem if its owner doesn't immediately alert IT.
And finally, every company needs a backup plan in case they do fall victim to hackers. Cyber liability insurance coverage can mean the difference between notifying customers, correcting the breach and getting back to business versus shutting your doors for good over a digital disturbance.
Explore policy options for SMBs and large businesses alike with CyberPolicy.