It’s really just another normal day at the office when we hear that another data breach has occurred or that a fresh batch of sensitive data has been found for sale on the dark web. A greater focus should be on what we can do to protect our organizations and ourselves from this onslaught of cybercrime.
Sometimes it is helpful to know what the thieves are after. It includes information of all types. Often it’s called “confidential” or “sensitive.” Both categories are valuable to identity thieves and those wishing to part you or your organization with its money. Some of the information they seek includes:
This list can get lengthy, but all of it has some value on the dark web. For example, it is suspected that there are groups that collect data and put it together to sell to identity thieves. You may not think there is harm in advertising your title on social media, or other sites, but spear-phishers use that information to do a variety of things such as business email compromise (BEC). The FBI warned that the dollar figure in losses due to this type of fraud surpassed the $3.1 billion over the last three years!
While this list can also get long, let's start with these items:
The cyber criminals use a variety of methods to get into a network and they don’t necessarily limit themselves to one way at any given time. They often combine phishing with malware attacks, or online advertising with malware called malvertising. In addition, ransomware and scareware are also lucrative methods for hackers to get information and money from victims. However, do not pay to get data back. Instead, put a good backup process in place so you can restore from a recent backup, should ransomware strike.
Don’t forget that accidental release of information is also a way that data gets into the wrong hands. Lost and stolen laptops and portable drives are one way. A few years ago a field was littered with sensitive and confidential information on dental patients with no real explanation as to how it got there. Not so long ago, medical records from a radiology center were found scattered along a freeway when a waste disposal company did not properly follow processes for caring for the documents.
Even simple mistakes such as a typo in a web address can lead to a serious data breach. So take some time to make sure your organization is not the next one in the news headlines putting others’ information at risk for identity theft.