We all know about malware and data-stealing “bots.” But what about information theft that happens the old-fashioned way?
With high-profile data breaches playing out in the headlines seemingly every week, Internet security is a top priority in the New World of Work. The ease with which hackers can plunder critical data is disheartening, and the problem is only getting worse.
All companies have taken measures to safeguard their networks from information theft. But while you keep your eyes on the nebulous threats from hackers half a world away, the biggest information threats can be right in your own backyard. Old-fashioned solicitation and subterfuge are tactics often deployed by thieves to gain access to sensitive information. So what can managers do to protect their company and employees against these forms of information theft?
Take Routine Precautions
Identity thieves have no shame. They comb through your trash; they steal your mail; they even tear apart your cubicle and desk in search of revealing paperwork. This is why shredding unneeded documents is a common practice for many businesses — and definitely should be for yours. Try not to keep sensitive paperwork in your work desk; if you must, make sure it’s in a locked drawer. (And don’t just leave the key in an unlocked drawer nearby. Isn’t that the first place you’d look, if you were a thief?)
Be Wary of Social Engineering Schemes
Ever been tricked by someone claiming to be someone they’re not? That’s social engineering, which is basically a fancy term for fooling people into giving up confidential information.
It happens a lot over email – a popular one lately is a message telling employees that their health care is about to be cancelled and they should open an attached file or visit a certain website in order to make sure it isn’t. But often this kind of information theft begins offline, where a thief will pose as a colleague, IT administrator or maybe someone like a bank or credit card company rep, telling you that your account has been compromised and they need your account number/password/Social Insurance Number to reopen it. It could even be as simple as blanketing your company’s employee parking lot with flyers that entice people to log in to what seems like a legitimate website but is actually a phishing attack.
To avoid becoming victims of social engineering, your employees need to remain vigilant at all times. Never reveal passwords, log-in credentials, PINs or Social Security numbers in their entirety. Don’t open strange files or click on unverified links in emails, even if they’re coming from people you know. And make sure, for instance, that the URL of the site into which you’re about to type your sensitive information is legit and not a phishing site masquerading as the real thing.
IT administrators can and should conduct regular tests to see if employees are susceptible to these types of attacks. Repeated training and reminders can help lessen the impact of this type of attack on your company.
Don’t Just Throw Away Old Tech
Do you store bank records, old electronic tax returns, RRSP account details, password lists or other sensitive information on computer hard drives? Do you throw those computers out without taking steps to encrypt or wipe those drives?
Just because you’re done with something doesn’t mean that the bad guys are done with it. Sensitive data isn’t safe in a landfill — so take your old computers and storage drives to a place that safely recycles electronics instead. Or learn how to use old tech in the office.
Information theft is here to stay, but with a few extra precautions, you give yourself a much better chance of avoiding it or, at least, minimising the damage. Let Ricoh show you how.