Threat 01
Phishing
The fake message that looks real.
Real example: A message from “your bank”: your account will be blocked, click here to verify KYC.
India = world’s 3rd-largest phishing target
Launch →
Threat 02
Ransomware
Your files locked until you pay.
Real example: Like someone changing the locks on your office, godown and safe, then demanding ₹10 lakh.
96% of hit Indian firms needed outside help
Launch →
Threat 03
Weak passwords
The key under the doormat.
Real example: A weak password is like leaving your office key under the doormat - the very first place a thief looks.
Reuse one password, lose every account
Launch →
// Your Defenses
Practical, business-ready protection - grouped by threat, plus everyday cyber hygiene. Scan it, share it, act on it.
3rd
India is the world’s 3rd-largest phishing target.
96%
of hit Indian firms needed outside help to recover from ransomware.
1930
National Cyber Crime helpline - report fraud within the “golden hour”.
Phishing
Fake messages & links
Prevent
- Pause on urgency. “Account blocked”, “KYC expiring”, “refund pending” - fear is the bait.
- Check the real sender. Look at the full email address and the actual link (hover/long-press), not the display name.
- Banks & the government never ask for OTP, PIN, CVV or full card number - by call, SMS or link.
- Type the website yourself or use the official app; never log in through a link you were sent.
- Treat unexpected attachments and QR codes as suspicious until verified.
- Verify “boss/vendor” payment requests by calling a known number, not the one in the message.
If you’ve been hit
- Stop. Don’t enter anything more on the page.
- If you shared a card/UPI/bank detail, call your bank to block the card & freeze the account immediately.
- Change the password for that account and any account that reused it; turn on 2FA.
- Report at cybercrime.gov.in or dial 1930 fast - the sooner, the better the chance to claw money back.
Ransomware
Files locked for money
Prevent
- 3-2-1 backups: 3 copies, 2 types of media, 1 kept offline/disconnected. Ransomware can’t lock what it can’t reach.
- Test that a backup actually restores - an untested backup isn’t a backup.
- Keep Windows, antivirus and apps on auto-update; patch promptly.
- Don’t open macros or run “.exe / invoice.pdf.exe” from email.
- Give staff the least access they need; separate the billing/accounts PC.
If you’ve been hit
- Disconnect the infected machine from Wi-Fi/LAN to stop it spreading.
- Do not pay - paying funds crime and rarely returns all files. Don’t delete the ransom note (it aids investigation).
- Photograph the screen; preserve the device for evidence.
- Restore from a clean offline backup after wiping; bring in a trusted IT pro.
- Report at cybercrime.gov.in / 1930; check nomoreransom.org for free decryptors.
Weak passwords
Easy-to-guess keys
Prevent
- Long beats complex: a 4-word passphrase like “sunny-ledger-tractor-rain” is strong and memorable.
- One password per account. Reuse one, and a single leak opens every account.
- Use a password manager so you only remember one master password.
- Turn on 2FA everywhere - email, bank, UPI, business apps, social media.
- Change default passwords on routers, CCTV/DVRs and Wi-Fi.
- Never share OTPs or save passwords in plain text / on sticky notes.
If an account is broken into
- Change that password now, and everywhere you reused it.
- Enable 2FA and sign out all other sessions/devices.
- Check email forwarding rules & recovery phone/email for attacker changes.
- Tell your bank/contacts if the account could be used to defraud them.
General cyber hygiene
Everyday business habits
Build the habit
- Update everything - phones, PCs, routers, apps; turn on automatic updates.
- Run reputable antivirus and keep the firewall on.
- Train staff: most breaches start with one click or one shared password.
- When in doubt, verify directly - call the bank/company on its official number.
- Limit what you post publicly about staff, vendors and systems.
- Use secure Wi-Fi; avoid logging into bank/business accounts on public networks.
Be ready before trouble
- Keep a written incident plan: who to call, which accounts to lock first.
- Save key numbers: your bank’s fraud line and 1930 / cybercrime.gov.in.
- Know where your offline backups are and how to restore them.
- Review access when staff leave - remove their logins the same day.