Help Understanding Repeated Cyber Attacks at My Friend's Company

I’m currently trying to learn about cybersecurity, and a recent situation at my friend’s small digital marketing firm has caught my attention. They’ve experienced two cyber attacks within a month, targeting one employee’s Google Ads account, which has racked up around £20k in charges each time. They changed the employee’s password and enabled 2FA after the first attack, but it happened again. I’m trying to understand what might be going wrong and how they can secure themselves better. Any insights would be appreciated!

Hacks like this usually happen for one of two reasons: someone clicked a link that downloaded malware, or they used a weak password. A good password is crucial. To protect themselves, they should access critical accounts from dedicated work devices and store passwords in a password manager like Bitwarden.

The most common attack vector is stealing session cookies, which bypasses passwords and MFA. This can happen through malicious files like PDFs. To prevent this, they should avoid untrustworthy files, install proper antivirus software, and keep their software updated.
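The post above describes why a stolen session cookie defeats both the password and MFA: the attacker never logs in, they just reuse an already-authenticated session. One defensive signal for this is the same session id appearing from a different client than the one that completed the MFA login. The following is an added example, not code from the thread or from Google; it runs over a constructed, space-separated log format (timestamp, user, session id, IP, user agent, action) that is an assumption for illustration, and the field names and the sensitive-action list are made up for this example.

```python
"""Flag session reuse from a different client than the one that logged in.

A hijacked session cookie lets an attacker act as the user without a password
or second factor, so the indicator is: the SAME session id showing up from a
different (IP, user agent) pair than the one seen at the MFA login.
"""
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log lines (not from any real system). Format assumed here:
# timestamp user session_id ip user_agent action
SAMPLE_LOG = """\
2024-05-01T08:02:11Z alice sess-a1 203.0.113.10 Chrome/124-Win login_mfa_ok
2024-05-01T08:05:40Z alice sess-a1 203.0.113.10 Chrome/124-Win view_campaigns
2024-05-01T11:47:03Z alice sess-a1 198.51.100.77 Firefox/115-Linux change_budget
2024-05-01T11:48:19Z alice sess-a1 198.51.100.77 Firefox/115-Linux add_payment_method
2024-05-01T09:15:00Z bob sess-b9 203.0.113.22 Safari/17-Mac login_mfa_ok
2024-05-01T09:20:00Z bob sess-b9 203.0.113.22 Safari/17-Mac view_campaigns
"""

# Actions that spend money or widen access; a hijacked session doing these is high severity.
# Hypothetical names chosen for this example.
SENSITIVE_ACTIONS = {"change_budget", "add_payment_method", "add_user"}


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    session: str
    ip: str
    ua: str
    action: str


def parse_log(text):
    """Parse the constructed log format into Event records (blank lines skipped)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, session, ip, ua, action = line.split()
        events.append(Event(datetime.fromisoformat(ts.replace("Z", "+00:00")),
                            user, session, ip, ua, action))
    return events


def find_session_reuse(events):
    """Return one alert per event where a known session id is used from a client
    fingerprint (ip, user agent) that differs from the fingerprint at its first use."""
    origin = {}   # session id -> (ip, ua) recorded at the first event for that session
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        fingerprint = (ev.ip, ev.ua)
        if ev.session not in origin:
            origin[ev.session] = fingerprint   # first sighting, normally the login
            continue
        if fingerprint != origin[ev.session]:
            alerts.append({
                "user": ev.user,
                "session": ev.session,
                "time": ev.ts.isoformat(),
                "origin": origin[ev.session],
                "seen_from": fingerprint,
                "action": ev.action,
                "severity": "high" if ev.action in SENSITIVE_ACTIONS else "medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in find_session_reuse(parse_log(SAMPLE_LOG)):
        print(f"[{alert['severity']}] {alert['user']} session {alert['session']} "
              f"used from {alert['seen_from']} (logged in from {alert['origin']}) "
              f"for {alert['action']} at {alert['time']}")
```

On the constructed sample, Alice's session is reported twice (the budget change and the new payment method both come from a second client) while Bob's session stays clean. The useful response to such an alert is to revoke the session server-side and re-image the device it was stolen from, since changing the password alone leaves the stolen cookie valid until it expires.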

Even with 2FA, strong passwords are necessary. If the user’s device is compromised, 2FA won’t help. They should educate users about phishing and scams. After a breach, it’s crucial to do a clean install of the device to remove any malware.

Yes, definitely change all passwords, especially if they’re reused. Also, ensure that the devices used for work are secure and not used for personal stuff.

Got it! I’ll pass this info along. They really need to step up their security game. Thanks again!