How Does Business Identity Theft Happen?How do my business computers get infected?
Infection of your business computers is frequently the result of non-business activities such as casual Internet surfing, gaming, checking personal email, etc. Employees may be using business computers, or their own mobile devices connected to company networks, to visit popular social networking sites such as Facebook, LinkedIn, or Twitter.
Many employees also check their personal email at work and open forwarded humorous emails or videos. All of these activities put your business computers and networks, and ultimately your business, at significant risk. A single errant or careless click can compromise critical business systems, cause the loss or theft of sensitive customer and employee information, or result in cybercriminals cleaning out your business bank accounts.
In other cases, an untrained or unsuspecting employee may open and respond to a phishing email designed to trick them into divulging log-in credentials or other sensitive information, or to connect them to a bogus web page designed to trick them into attempting to log in (or update their log-in credentials) so as to capture their user name and password . Such emails may even appear to originate from within the business, such as from accounting, HR, or I.T. Phishing emails may be received by low level employees, or may be specifically targeted at a manager or high level executive (known as “spear phishing”), because higher level employees often have greater systems access and/or may have full computer administrator rights that will allow malware to install and execute.
Another commonly used tactic is a malware attachment disguised as a Word, Excel, or PDF file. The email subject and message are designed to prompt the recipient to open the attachment, and may appear to be providing an invoice, shipping notification, travel itinerary, or any number of other common business documents. The attachment, however, is an executable program that launches and installs itself when opened.
In still other cases, malicious programs can easily take advantage of unsecure or un-patched Internet browsers and operating systems, as well as unsecure/un-patched versions of popular software such as Flash and Acrobat.10 questions every business owner should be able to answer:
The ITPA offers FREE employer training accounts that make providing your required employee information security and compliance training simple, painless, and affordable. Businesses of every size can easily manage and deliver world-class interactive training with no upfront costs, no I.T. requirements, and no minimum purchase requirements. Your online training center can be ready to use in just minutes. Learn more and get started today!More information and resources
The national business identity theft resource website, BusinessIDtheft.org, offers a wealth of free information, resources, and tips to help you protect your business from thieves and cybercrime.