Assessing Accountability When Online Accounts are Hacked: Who Bears the Brunt?


In recent news, a successful marketing firm’s CEO faced a grave ordeal when hackers infiltrated their Facebook account. Over a weekend, fraudulent ads for an online gambling site, totaling $250,000, ran unchecked, resulting in the firm’s Facebook account closure. Shockingly, neither Facebook nor their financial institutions accepted responsibility, leaving the firm uninsured and bearing the full cost burden.

Another firm encountered a similar nightmare as their legitimate ads were paused while hackers promoted illicit weight-loss products via 20 new ads, totaling an astounding $2.8 million. Despite swift action and damages limited to $4,000, the compromised account was shut down, causing significant revenue loss estimated at $40,000 to $50,000.

And even the CEO of Facebook isn’t safe from hackers. Mark Zuckerberg had his Facebook account hacked due to a weak password several years ago. In this case, it was an ethical hacker who was simply proving a point, and the point was made.

While these incidents spark fervent debate over accountability, the hard truth prevails: lax security practices lead to account compromise. Weak passwords, absence of multifactor authentication (MFA), and inadequate cybersecurity expose vulnerabilities, making account breaches the sole responsibility of the account holder.

Facebook’s security measures weren’t at fault; rather, it was the lapse of an individual employee. Cloud applications, despite their robust assurances, remain susceptible to hacking when credentials are compromised.

Prevention is paramount. To fortify your defenses:

  1. Educate your team about these scams to mitigate cyber threats. Cybercriminals’ #1 advantage is their targets’ hubris: businesses, and most people in general, insist that “nobody would want to hack me” and are therefore lax with cyber protections.

  2. Implement strong, unique passwords for EACH application using trusted password management tools, but remember that a password manager only works if it is actually used. For example, don’t allow employees to store passwords in Chrome and bypass the password management system.

  3. Minimize user access on cloud applications to reduce breach risks. The more users you have on a cloud application, the greater the chances are of a breach.

  4. Ensure all devices interacting with your network are secured against malware threats. Keylogger malware can live on a device to steal all your data and credentials.

For a comprehensive assessment of your organization’s cybersecurity, let’s have a 10-minute phone consultation to discuss your specific situation. You may need an audit, which can ensure you’re shielded against known threats and is essential for every business owner’s peace of mind. If you haven’t had an independent third party conduct a cybersecurity risk assessment in the last 6 months, you’re due.

It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Let’s talk today!