Identity Theft

Identity Theft is when a hacker uses your personal identifying information and pretends to be you in order to commit fraud or to gain other financial benefits. Thieves look to steal user’s personal information: full name, home address, email address, online login and passwords, Social Security number, driver’s license number, passport number, or bank number.

How do they get My data?

Some of the most common ways personal information is stolen is through phishing attacks, skimming attacks (stealing this data off your magnetic strip of your credit card) by placing a card reader over top the real card reader at a Gas Pump, or ATM machine, and even WiFi hacking. They can also purchase this information on the dark web from hackers who have breached company databases and sell access to “Identity” information dark web forums.

What harm can they do with my data?
Once hackers have some or all of your personal information, they use it to register for a Credit Card in your name or take a loan out in your name.  If they breached a company and stole hundreds, thousands, or millions of records, they might turn to the dark web to sell your private data to other hackers who might steal your identity.

Source: Norton

Additional Reading: Indians Most Concerned About Identity Theft

Related Terms: Phishing, Social Engineering

What should you do as an SMB Owner?

Protecting your staff’s personal information and assets from being stolen is an important action to be taken in any business. Many business owners don’t realize that the threats don’t stop at the office doors, employees go home and may have less secure measures in place to defend against cyber threats at home. That can lead to an infection from home showing up at the office unknowingly. Protecting your staff and business from these threats is vital.
 
Follow CyberHoot’s best practices to reduce the likelihood of you or your employees becoming victims to identity theft:
  • First and foremost, to prevent identity theft and the issuance of credit in your name, lock your credit with all four credit agencies as outlined below (see How and Where to Lock My Credit).
  • Second, train employees on cybersecurity basics, helping them become more aware of the threats they face when interacting online. (Phishing, Social Engineering Attacks)
  • Phish Test Employees
  • Be wary of public, unsecured WiFi (use a VPN if dealing with sensitive information)
  • Govern employees with the proper policies, following NIST Guidelines (WISP, Acceptable Use, Password Policy, etc) 
  • Employ a Password Manager, require it in your Password Policy 
  • Enable Two-Factor Authentication wherever possible
  • Work with your IT staff or third party vendors to ensure your critical data is being encrypted properly
  • Regularly backup critical data
  • Use the principle of least privilege 
  • Stay current with the always-changing cyber threats.

By implementing these measures at your business you’ll become more aware and more secure.  You may not have perfect security but you’ll be doing what you can to reduce the risks you face.

How and Where to Lock My Credit:

Anytime static data that cannot be recreated is breached there are long-term consequences which is the case with the Equifax breach of Social Security Numbers, birth dates, home addresses, and driving license numbers.  Putting a credit freeze on your account will protect you largely from hackers taking credit out in your name, but doesn’t prevent them from submitting fraudulent tax returns in your name.  Get your tax documents in order and submit as early as possible.

Transunion Credit Freeze:  https://www.transunion.com/credit-freeze
Equifax Credit Freeze: https://www.equifax.com/personal/credit-report-services/credit-freeze/ 
Experion Freeze Center: https://www.experian.com/freeze/center.html
Innovis Security Freeze: https://www.innovis.com/personal/securityFreeze

To learn more about Identity Theft, watch this short 2 minute video:

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!

Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.