Online identity theft is big business for those of a criminal persuasion. So how can you prtect yourself against the unseen threat?
The outcry over identity theft on social networking sites like Facebook and MySpace serves as a reminder of how the openness of the internet can lead to rich pickings
If your business uses email, you’ll be targeted at some stage. ‘As the internet becomes increasingly monetised,’ says John Safa, chief technical officer of firewall software provider DriveSentry, ‘so the attacks become more sophisticated. The malicious software develops and the threat of someone accessing valuable company information becomes more likely.’
Fraudulent emails are increasingly authentic in appearance, purporting to originate from various sources, from banks to potential clients. The process is known as “phishing”, explains Mark Murtagh, product director of information leak prevention at web security company Websense. ‘Emails will contain a link to a website on which you will be asked to re-confirm some details or confirm a password with the aim of stealing your details and using them to access your account.’
Safa explains that files coming into an organisation, downloaded from the internet and transported on a flash drive or disc for example, can also be ‘extremely vicious’.
They can contain malicious software, generally known as malware, that is sophisticated enough to hide itself from anti-virus software. Malware can log any key strokes that you make on the keyboard and send the information elsewhere when you connect to the web. This means that passwords and bank account details could be at risk, along with private company documents and emails.
Tony Neate, managing director of Get Safe Online, recommends having a company policy to deal with such issues: ‘Education and awareness for staff about the dangers out there is all important – it’s as much the responsibility of the individual employee as it is for management to be aware of identity fraud and protect their own and the company’s interests.’
This could mean regulating the use of external hard drives, including iPods, flash keys and discs with dubious or uncertain origins in the workplace and, moreover, informing staff of the ways in which criminals might try to access their private information. Education is the first line of defence it seems.
Recent research from Websense suggests that around 45 per cent of staff admit to engaging in activities that could put their company’s data at risk. The most common of these is the sending of work documents to personal, web-based email accounts to enable home working.
‘Data leakage is an increasing problem,’ adds Neate. ‘For businesses, corporate identity is as precious as their staff and preventing information from getting out could be down to something as simple as warning people not to share too much on social networking websites or not to send too much valuable company information across the internet.’