How to Keep Your Accounts and Business Safe from Russian Hackers

blocks in colors of ukraine flag

Hacks and cyber attacks are nothing new (and they don’t just come from Russia), but it seems like spam, scams and misinformation campaigns have been ramping up since Russia invaded Ukraine. Everyone I talk to has seen an uptick in some kind of spam, whether it’s a surge of new texts from scam accounts, more emails asking for money (and pretending to be from legit companies), or Instagram accounts getting hacked (and suddenly posting about unbelievable deals or financial windfalls).

We’ve all heard news stories about Russian hacks and misinformation campaigns, but it’s hard to know why they’re going to the trouble — or what we can do about it.

At Infomedia, I work with lots of web developers and programmers, so I get to ask these questions of people who know more than I do about the subject. I sat down with two guys who are not only great at what they do, but are also genuinely a couple of my favorite people — Spencer Batten and Michael Stuckey. And it’s hard to believe, but changing our passwords and thinking critically before resharing on social media are real ways to stop Russian interference.

One Quick Question episode with Systems Engineer Spencer Batten (15 mins)

Localist episode with web developer Michael Stuckey (1 hour)

Here’s the breakdown on what you and your small business need to know about Russian cyber warfare:

Why Russian Uses Misinformation

A divided enemy is a distracted enemy — and a distracted enemy is easy to defeat. This is the primary reason for misinformation campaigns, and it’s scary how well they work. As Americans spent years fighting with each other over domestic politics (Trump especially), we weren’t focused on what countries like Russia were doing. Putin in particular uses this tactic incredibly well, and it’s been well documented that, under his direction, fake news floods onto our screens.

How Can You Tell If Something Is Real or Misinformation?

This is so hard to spot, because disinformation doesn’t sound like disinformation. It sounds like research. It sounds like the thing that proves what you’ve already been thinking. It’s cloaked in trending and likes and comments, and it seems completely real. Our immediate, natural reaction when we see these kinds of posts is to reshare them — to let the world know the “truth,” but we don’t realize that we’re inadvertently spreading lies. The best way to stop misinformation is to think critically about what we share.

5 Ways to Fight Misinformation

Use primary sources

Find the original, complete interview, speech or law before sharing. Don’t just post a recap or excerpt, which are often used out of context and can have a very different meaning than the original.

Avoid righteous indignation

Misinformation is designed to feed on our passions. It’s very well disguised to look like real news, and it usually includes something meant to stoke the fire of our self righteousness. If a post makes you want to shout, “I told you so!” there’s a good chance it’s fake.

Wait 10 minutes before sharing

Gossip has always depended on our worst instincts, and misinformation is no different. Simply waiting a few minutes before reposting can do wonders for our ability to think critically — reposting before we’ve even thought through our response causes big problems.

Be careful who you learn from

Follow accounts, media outlets and people for weeks (months is even better) before you repost them. Make sure they use primary sources, and check out how they handle a variety of news stories. Especially pay attention to what they do when they get something wrong. (This happens to every source sometimes — do they handle mistakes gracefully and work quickly to remedy the issue, or do they bury their corrections at the bottom of their stories hoping no one notices their mistake?)

Repost sparingly

The easiest way not to repost misinformation is simply not to repost — instead, think critically about what you’re sharing, and then make and share your own opinion using primary sources.

Why Russia Uses Cyber Attacks (on Small Business, Too)

Part of the reason for cyber attacks is the same as the reason for misinformation — it sows seeds of dissent, discontent and distraction. If enough of us are scrambling to get our businesses back in order, we’re more concerned with keeping our resources and home and less interested in stopping a war across the ocean.

But there are other reasons for Putin (or, more accurately, the hackers he has at his disposal) to attack a business’s website. Large-scale attacks (like redirecting an oil tanker) have obvious motivations. But even small businesses collect a lot of personal data — especially passwords. Chances are decent that the password someone uses on your site is a password they’ve used on other sites. So, while your site might not give hackers a “reason” to attack (like access to payment information or banking information), if a hacker can steal the passwords that have been entered on your site, they can turn around and use those passwords in other places.

They might also break into your site to hold it for ransom (yes, literally demanding money from you to make your site live again), or they may install bots on your site just for the purpose of sending out more attacks from your site. (Sending from your site instead of from theirs masks their location and makes them less likely to get caught.) The good news is, protecting your information is often as simple as using a more secure password:

6 Ways to Protect Against Cyber Attacks

Use strong passwords

A password manager like LastPass or 1Password can help you come up with strong passwords easily.

Consider two-factor identification

Requiring a code to be sent to your phone before logging in is annoying, but it also makes your account exponentially safer.

Back up your information

An external drive that’s separate from your computer (physically separate, and also disconnected from the same network) is best.

Be careful what you click on

Fake emails, text messages and social media DMs are getting more and more sophisticated — this short One Quick Question podcast episode can help you know what’s legit and what’s a scam.

Try a hotspot or VPN

A Virtual Private Network is the best way to access data when you’re not in a secure location, but a personal hotspot is better than nothing.

Run updates

Most updates for WordPress, Shopify and SquareSpace sites are security patches, so be sure to run them when they’re available.

Russia is fighting Ukraine with tanks and bombs, and that has tragic consequences that are breaking our hearts and, rightly, making us want to do something by giving money. I am so thankful that so many of us are doing that, and it’s important and irreplaceable work.

But Russia is also waging a battle with the rest of the world — a war of misinformation and cyber attacks. This cyber war keeps us distracted and unable to focus on stopping Putin from destroying Ukraine. We can’t do as much as we’d like to to stop the battle on the ground in Ukraine. But we can make sure we’re doing our part to keep as much information and money out of Putin’s hands as possible — and it’s as easy as changing passwords and thinking twice about our social media.

Email with a purpose Let's Keep in Touch

Good news (and practical tips) for small businesses — we're not into being pushy or spammy.