If your business uses email, you’ll be targeted at some stage. ‘As the internet becomes increasingly monetised,’ says John Safa, chief technical officer of firewall software provider DriveSentry, ‘so the attacks become more sophisticated. The malicious software develops and the threat of someone accessing valuable company information becomes more likely.’
Gone phishing
Fraudulent emails are increasingly authentic in appearance, purporting to originate from various sources, from banks to potential clients. The process is known as “phishing”, explains Mark Murtagh, product director of information leak prevention at web security company Websense. ‘Emails will contain a link to a website on which you will be asked to re-confirm some details or confirm a password with the aim of stealing your details and using them to access your account.’
Safa explains that files coming into an organisation, downloaded from the internet and transported on a flash drive or disc for example, can also be ‘extremely vicious’.
They can contain malicious software, generally known as malware, that is sophisticated enough to hide itself from anti-virus software. Malware can log any key strokes that you make on the keyboard and send the information elsewhere when you log onto the web. This means that passwords and bank account details could be at risk, along with private company documents and emails.
Safety first
Tony Neate, managing director of Get Safe Online, recommends having a company policy to deal with such issues: ‘Education and awareness for staff about the dangers out there is all important – it’s as much the responsibility of the individual employee as it is for management to be aware of identity fraud and protect their own and the company’s interests.’
See also: How can small and micro businesses achieve enterprise-grade security?
This could mean regulating the use of external hard drives, including iPods, flash keys and discs with dubious or uncertain origins in the workplace and, moreover, informing staff of the ways in which criminals might try to access their private information. Education is the first line of defence it seems.
The social networking problem
Recent research from Websense suggests that around 45 pr cent of staff admit engaging in activity that could put their company’s data at risk. The most common of these being the sending of work documents to personal, web-based email accounts to enable home working.
‘Data leakage is an increasing problem,’ adds Neate. ‘For businesses, corporate identity is as precious as their staff and preventing information from getting out could be down to something as simple as warning people not to share too much on social networking websites or not to send too much valuable company information across the internet.’
Useful links
www.getsafeonline.org – Free advice for individuals and businesses on all aspects of safety online.
www.avg.com – AVG, the most downloaded free antivirus software on the internet.
www.information-age.com – 5 ways to prevent digital identity theft
Protecting Against Corporate Identity Theft
Corporate identity theft is on the rise and it could cost your business a fortune. It allows criminals to order goods or obtain services from suppliers on company accounts, or to conduct industrial espionage.
If your business becomes the target of such activity, the impacts could be direct financial losses of misappropriated services or goods, possible fines resulting from breach of regulatory rules, and/or loss of actual and potential customers resulting from harm to your business’s reputation.
One way that identity passwords and preferences are being accessed and stolen is through keystroke logging; this is often used by fraudsters to capture personal details. This means that anything you type on a computer can be captured and stored. This can be done via a hardware device attached to your PC or by software running almost invisibly on your machine. Some recent viruses are capable of installing such software without the user’s knowledge.
Fraudsters can log your keystrokes and mouse clicks and can record what you are doing. They can log passwords too, and it is akin to eavesdropping on an electronic scale,” believes Richard Bradley, channel manager at security solutions provider Computer Associates.
The following are the most popular ways that fraudsters will use to try and steal both sensitive information and your identity:
- Phishing – When false e-mail messages are sent to a wide audience, in the hope that some people will reply to them. They are designed to look as if they come from a bank or similar organisation asking recipients to confirm account details
- Web spoofing – When fraudsters set up websites to elicit information as part of a seemingly legitimate transaction
- Stealing financial information – Some fraudsters will scour rubbins bins behind offices and shops, looking for credit card slips
