By gaining the trust of employees over the phone, via email or in person, a con-man can get almost anything he needs to get whatever he wants. The best defense is effective policies coupled with ongoing awareness training.
Insider identity theft can ruin your business. Most companies have done their due-diligence to keep the bad guy from hacking from the outside.
But many organizations have neglected the risks associated with employees gone bad and the internal damage that can be done. Numerous technologies monitor and control access to sensitive information.
But preventing bad employees from doing bad things starts with not hiring bad people.
Phishing scams still work. Despite consumer and employee awareness, a carefully crafted and well designed email that looks like its coming from another employee is probably the most effective spear phish.
Going after the CEO or high level executive or "whaling" can often be even more successful.
The bigger they are the harder they fall as they say. From my experience it's often the smartest ones in the room that lack all common sense. Test your employees; see what they will fall for. Then test them again.
Tighten up employee remote access. Allowing Suzy Admin to access the companies VPN from a home PC that Suzy's son Steve uses to play games on servers hosted in North Korea will end up bad.
Malware on a home computer can compromise usernames and passwords resulting in spyware on the network. Set up Suzy with her own laptop that's fully locked down and prevents Steve from doing anything fun.
Peer to Peer (P2P) file sharing is a fantastic way to leak company and client data to the world.
Obama's helicopter plans, security details and notes on congress members being deposed were all leaked on government controlled computers via P2P. Setting admin privileges and installing numerous technologies that will prevent P2P is essential.
Identity theft will get worse before it gets better. And whether it's your identity, your families or your employee's identity that is stolen, it can be a huge time suck and a costly event.
The best defense involves a 3 legged stool.
First, awareness training of all the scams that lure people in, and how to appropriately respond to numerous communications. Second involves a little time and investment in a "credit freeze" or "security freeze". Learn how to do it HERE. Third is an annual investment in identity theft protection. In today's cyber crime climate, and with the recession making people desperate to make money any way they can, NOT investing in identity theft protection is, in my opinion, irresponsible. The worst thing you can do is nothing.
- << Prev