Back in the day, criminals stole your information by accessing your wallet, phone tapping, or even sifting through your rubbish. Their intent was to impersonate you and make purchases on your behalf.
Today, the shift has taken us online. Everyone likes to find a good bargain. It is convenient, time-saving and a great distraction from work. Cyber criminals ramp up their identify-theft efforts during this time of year, as most of us are too busy to notice or have our guards down.
How is information stolen?
Opportunistic criminals look for the easiest path to stealing your information. The harder you make it for them (as an individual or a company), the less likely you will be targeted. It is akin to locking your front door but leaving the kitchen window ajar: a thief won’t bother trying to pick a lock if they can get in through via a side entrance. Cyber thieves are also creative and often engage in reconnaissance activities before acting. Some of the information they might want to gather may come from, but are certainly not limited to:
- unencrypted client databases,
- customer demographic information,
- open market information,
- discarded USB sticks, and
- social media accounts.
How to stay protected
As with any risk, you’ll never be able to protect yourself completely. We do recommend making the following considerations:
- Reputable vendors – Make sure that your partners take privacy and security seriously. Avoid using free-ware or shareware.
- Security first – keep changing passwords and use two-factor authentication.
- Privacy policies – organisational policy is one of the best ways to mitigate risk. Make sure all your staff are informed, and
- Public-less – take
carewhat information you publicise on websites like LinkedIn and your own portals. Attackers are good at gathering information from multiple sources.
- Maintain anti-malware/virus software – especially on portable/mobile devices.
- Be alert – pay attention to account and credit card statements.
What if you’ve been targeted?
If your identity has been stolen or you think you might have been at risk, contact ACORN (Australian Cybercrime Online Reporting Network) or SCAMWATCH. It is also a government requirement that you inform all stakeholders affected.
Nelson Clemente (BEng, ISO27032)
getNEXT – Systems Engineer, Cyber Security Awareness