21 October 2017
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

739Posts 2,037,648Views 62Comments

10 Business Identity Theft Risks in 2010

23 January 2010  |  2390 views  |  0

Advancements in technology over the past decade have created a tremendous amount of opportunity for the savvy businessperson. Whether it’s mobility, streamlined processes, marketing, or the ability to sell to a global market, there’s never been a better time to be in business.

Like anything good, there is always a negative. While there are certainly many negatives in technology, like the headaches when something doesn’t work correctly and the constant learning curve we must all endure, the biggest negative is security issues.

So for the SMB (that’s you, the savvy businessperson), here are ten considerations for the new decade:

Back up your back up. Numerous reports of cyber-war, thousands of new viruses weekly, and even Mother Nature reeking havoc on the Internet, have caused concern among industry professionals. Doing business in the cloud is fantastic; however, make sure you have redundant local backups of your data.

Anti-virus will not fully protect you. The sheer volume of attacks and new viruses created will keep the anti-virus vendors busy. But there is no way they can keep up the pace 100% of the time. There are numerous technologies that will immunize your PC and make whatever virus or spyware impotent, and any data on your machine typed in a browser useless to the thief.

Social media identity theft is the act of creating a blog or social media site that models your day to day operations. At any time someone can register domains or social media sites with your brand as the face. They then sell product that they never ship and/or do things to damage your brand.

Social network nitwits. One of the easiest ways into your companies’ networks is via social media. The explosion of “I just made a tuna” communications has brought out the dumb in many people. The simple act of setting up a group on Facebook and getting your employees to join can open up a treasure trove of data that can facilitate social engineering attacks. Create policies and procedures that involve appropriate use.

Social engineering, the ruse of a confidence man, is back in full force. It never really went away, but with the amount of security in place, sometimes the path of least resistance is simply asking your cleaning crew for the keys to the building. By gaining the trust of employees over the phone, via email or in person, a con-man can get almost anything he needs to get whatever he wants. The best defense is effective policies coupled with ongoing awareness training.

Insider identity theft can ruin your business. Most companies have done their due-diligence to keep the bad guy from hacking from the outside. But many organizations have neglected the risks associated with employees gone bad and the internal damage that can be done. Numerous technologies monitor and control access to sensitive information. But preventing bad employees from doing bad things starts with not hiring bad people.

Phishing scams still work. Despite consumer and employee awareness, a carefully crafted and well designed email that looks like its coming from another employee is probably the most effective spear phish. Going after the CEO or high level executive or “whaling” can often be even more successful. The bigger they are the harder they fall as they say. From my experience it’s often the smartest ones in the room that lack all common sense. Test your employees; see what they will fall for. Then test them again.

Tighten up employee remote access. Allowing Suzy Admin to access the companies VPN from a home PC that Suzy’s son Steve uses to play games on servers hosted in North Korea will end up bad. Malware on a home computer can compromise usernames and passwords resulting in spyware on the network. Set up Suzy with her own laptop that’s fully locked down and prevents Steve from doing anything fun.

Peer to Peer (P2P) file sharing is a fantastic way to leak company and client data to the world. Obamas helicopter plans, security details and notes on congress members being deposed were all leaked on government controlled computers via P2P. Setting admin privileges and installing numerous technologies that will prevent P2P is essential.

Identity theft will get worse before it gets better. And whether it’s your identity, your families or your employee’s identity that is stolen, it can be a huge time suck and a costly event. The best defense involves a 3 legged stool. First, awareness training of all the scams that lure people in, and how to appropriately respond to numerous communications. Second involves a little time and investment in a “credit freeze” or “security freeze”. Learn how to do it HERE. Third is an annual investment in identity theft protection. In today’s cyber crime climate, and with the recession making people desperate to make money any way they can, NOT investing in identity theft protection is, in my opinion, irresponsible. The worst thing you can do is nothing.

TagsSecurityRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from Robert

What Was Scary About Blackhat 2017?

02 August 2017  |  6041 views  |  0 comments | recomends Recommends 0 TagsSecurity

Black Hat 2017 was an Amazing Event

29 July 2017  |  6681 views  |  0 comments | recomends Recommends 0 TagsSecurity

Blackhat Hackers Love Office Printers

28 July 2017  |  5285 views  |  0 comments | recomends Recommends 0 TagsSecurity

Getting Owned or Pwned SUCKS!

13 June 2017  |  5705 views  |  0 comments | recomends Recommends 0 TagsSecurity

Parents Beware of Finstagram

27 April 2017  |  5179 views  |  0 comments | recomends Recommends 0 TagsSecurity

Robert's profile

job title Security Analyst
location Boston
member since 2010
Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

Robert's expertise

Member since 2009
732 posts62 comments

Who's commenting on Robert's posts

Ketharaman Swaminathan
Adedeji Olowe