The outcry over identity theft on social networking sites like FaceBook and MySpace serves as a reminder of how the openness of the internet can mean rich pickings for fraudsters. Educating your staff about the dangers is key to protecting your business.
The outcry over identity theft on social networking sites like FaceBook and MySpace serves as a reminder of how the openness of the internet can mean rich pickings for fraudsters.
If your business uses email, you’ll be targeted at some stage. ‘As the internet becomes increasingly monetised,’ says John Safa, chief technical officer of firewall software provider DriveSentry, ‘so the attacks become more sophisticated. The malicious software develops and the threat of someone accessing valuable company information becomes more likely.’
Fraudulent emails are increasingly authentic in appearance, purporting to originate from various sources, from banks to potential clients. The process is known as “phishing”, explains Mark Murtagh, product director of information leak prevention at web security company Websense. ‘Emails will contain a link to a website on which you will be asked to re-confirm some details or confirm a password with the aim of stealing your details and using them to access your account.’
Safa explains that files coming into an organisation, downloaded from the internet and transported on a flash drive or disc for example, can also be ‘extremely vicious’.
They can contain malicious software, generally known as malware, that is sophisticated enough to hide itself from anti-virus software. Malware can log any key strokes that you make on the keyboard and send the information elsewhere when you log onto the web. This means that passwords and bank account details could be at risk, along with private company documents and emails.
Tony Neate, managing director of Get Safe Online, recommends having a company policy to deal with such issues: ‘Education and awareness for staff about the dangers out there is all important – it’s as much the responsibility of the individual employee as it is for management to be aware of identity fraud and protect their own and the company’s interests.’
This could mean regulating the use of external hard drives, including iPods, flash keys and discs with dubious or uncertain origins in the workplace and, moreover, informing staff of the ways in which criminals might try to access their private information. Education is the first line of defence it seems.
The social networking problem
Recent research from Websense suggests that around 45 pr cent of staff admit engaging in activity that could put their company’s data at risk. The most common of these being the sending of work documents to personal, web-based email accounts to enable home working.
‘Data leakage is an increasing problem,’ adds Neate. ‘For businesses, corporate identity is as precious as their staff and preventing information from getting out could be down to something as simple as warning people not to share too much on social networking websites or not to send too much valuable company information across the internet.’
www.getsafeonline.org – Free advice for individuals and businesses on all aspects of safety online.
www.identity-theft.org.uk – Information on identity theft produced by the Home Office Identity Fraud Steering Committee, a collaboration between UK financial bodies, government and the police to combat the threat of identity theft.
www.drivesentry.com – A commercial company producing a free-to-try firewall for hard drives, used as an extra line of defence against fraudsters.
www.websense.com/global/en-gb/ – A commercial company selling content filtering, web filtering, and web and desktop security software.
http://free.grisoft.com/ – AVG, the most downloaded free antivirus software on the internet.
See also: Choosing your business identity