Identity Theft - 5 easy ways to protect your organization

Protection from Identity Theft

The theft of credentials is a big enough problem…but this leads to fraud and the potential for identity theft. There is one overriding factor that is important to understand:

Cybercriminals are smart enough NOT to go after the “big score”…

Cybercriminals generally want to do the following:

  • Learn about you from social media and the posts that you make. In fact, they will often “friend” C-suite or other “heavy hitters” on Facebook or, more commonly, “link” to you as a contact on LinkedIn.

  • They will learn your email address and then phish you with a credentials reset request or add malware to an email.

  • They begin to track your credentials via a keystroke logger or other methods…

  • Then they “skim” your contact list with the associated email addresses…they will also skim your email to grab your actual signature formatting as well as that on emails you have received.

  • Artificial intelligence is used to vet this list of contacts to prioritize the value of these as phishing targets.

  • An evaluation process is run on the credentials absorbed by the malware…“soft” targets are listed, such as payroll, HR software and services (lots of juicy Social Security numbers, names, birthdates, etc. for your employees there), and CRM (info on clients, contributors, etc.).

  • The information developed is sold on the Dark Web.

  • Low-value credentials are sold on the Dark Web.

  • High-value credentials are bid for on the Dark Web.

  • The cycle continues as the recurring revenue can result in “death by a thousand cuts”. The transactions and actions taken generally fly under the radar for months.

So what do you do?

  • The organization should consider providing LifeLock or another similar service to “heavy-hitters” and those personnel in information-sensitive positions; critical accounts should be added for monitoring.

  • Strong, complex credentials should be used on all logons and services…these should NOT be consistent, and should not match credentials used for other services like Facebook, email, encryption, etc.

  • Instruct users not to “save” credit cards into service providers' databases if it can be avoided. The same goes for credentials.

  • For all sensitive services use multi-factor authentication AND IP-address whitelisting if available. This goes for all HR, CRM, accounting, ERP, etc.

  • For individuals it is recommended to freeze your credit reports…these can easily be unfrozen via LifeLock or the credit bureaus as needed.
