Business Identity Theft – How You Can Protect Your Company
Identity theft is certainly nothing new – the term itself was coined back in the mid-1960s – but it’s come a long way from the days of pick pocketing, dumpster diving and shoulder surfing. Today’s sophisticated information bandits have crafted complex, highly developed systems that have, in turn, spawned an advanced and ever burgeoning cottage industry of techno-criminals.
And these folks think big. Not merely content with snagging personal bank account numbers, today’s masterminds are looking to bring down entire companies, government bodies … even nations.
We’re all familiar with the tactics:
Phishing. Perhaps the oldest strategy, wherein criminals impersonate trusted organizations through emails, text messages, phone calls or other forms of communication in an attempt to persuade individuals to reveal personal information or login credentials. Google was victimized by a major phishing issue a couple months ago.
Malware. IT embedded attacks designed to damage or disable computers and/or computer systems. A recent extensive malware campaign in Europe targeted financial businesses from more than 30 countries.
Ransomware. A particularly malicious form of cryptovirology that locks up an organization’s files and allows access again only if a ransom is paid. We’ve all heard the horror stories of WannaCry, the world’s largest cyberattack that’s hit at least 150 countries and infected 300,000 machines since surfacing earlier this year. Victims include hospitals, universities, manufacturers and government agencies … everyone from global entities like FedEx to the U.S. Department of Homeland Security.
These schemes, of course, do not come as a shock. Many business entities and administrative organizations recognized the potentially devastating threats early on and set up series of redundancy processes in datacenters and within IT operations. But as data security has gotten additionally complicated, so have the breaches. Seems that just as industry creates a better mousetrap, the rats get smarter.
And while cyberattacks will likely only grow more frequent, ransomware is unfortunately extremely difficult to prevent. All it takes is one employee clicking on the wrong link in an email.
There’s no question that with contravention warnings surfacing almost weekly, today’s organizations need to be on constant alert. Even if you’re a relatively small organization – perhaps without the deep pockets to invest in expensive IT cyber security measures – there are a number of basic economical steps you can take on the administrative level to minimize your chances of getting hacked:
Ensure your company’s computers are protected by secure firewalls and are running the latest malware/antivirus software detection programs and data loss prevention software. Be sure to install all patches and system updates from the manufacturer.
Designate only one or two computers that can access online banking and other financial transactions; review all bank account and credit card activity daily.
Educate all employees, especially those in Finance, to double check any email asking for company information or those containing instructions from a superior to move funds; only download files if they’re known to come from a trusted source.
Prohibit web surfing on all company computers, tablets, phones, etc.
Mandate that any passwords contain at least 12 characters and utilize both upper and lower case letters, numbers and symbols; direct that passwords be changed every 60 days on all devices.
Establish offsite/cloud data backup, recurring every one to three days, at least; this minimizes the risk of being exploited by a ransomware perpetrator since you would be able to restore files from your backup rather than paying the crooks.
Remember, no organization is immune, no company is safe and no infrastructure is completely secure. But there are definitive proactive steps you can take. Don’t be caught off guard.
For more on what we’ve learned you can do to protect your organization against identity theft, call Kaplan CFO Solutions today.