TEST to main content First level navigation Menu
internet security

Protecting your business secrets from old-school information theft

by Sarah Schmid
 
We all know about malware and data-stealing “bots.” But what about information theft that happens the old-fashioned way?

With high-profile data breaches playing out in the headlines seemingly every week, internet security is a top priority in the new world of work. The ease with which hackers can plunder critical data is disheartening, and the problem is only getting worse.

Instead of keeping your eyes on the nebulous threats from hackers half a world away, the biggest information threats can be right in your own backyard.

All companies have taken measures to safeguard their networks from information theft. But often, instead of keeping your eyes on the nebulous threats from hackers half a world away, the biggest information threats can be right in your own backyard. Old-fashioned solicitation and subterfuge are tactics often deployed by thieves to gain access to sensitive information. So what can managers do to protect their company and employees against these forms of information theft?
 

Take routine precautions

Identity thieves have no shame. They comb through your trash; they steal your mail; they even tear apart your cubicle and desk in search of revealing paperwork. This is why shredding unneeded documents is a common practice for many businesses — and definitely should be for yours. Also, try not to keep sensitive paperwork in your work desk; if you must, make sure it’s in a locked drawer. (And don’t just leave the key in an unlocked drawer nearby. Isn’t that the first place you’d look, if you were a thief?)
 

Be wary of social engineering schemes

Ever been tricked by someone claiming to be someone they’re not? That’s social engineering, which is basically a fancy term for fooling people into giving up confidential information.

It happens a lot over email — a popular one lately is a message telling employees that their health care is about to be canceled and they should open an attached file or visit a certain website in order to make sure it isn’t. But often this kind of information theft begins offline, where a thief will pose as a colleague, IT administrator or maybe someone like a bank or credit card company rep, telling you that your account has been compromised and they need your account number/password/Social Security number to reopen it. It could even be as simple as blanketing your company’s employee parking lot with flyers that entice people to log in to what seems like a legitimate website but is actually a phishing attack.

To avoid becoming a victim of social engineering, your employees need to remain vigilant at all times. Never reveal passwords, log-in credentials, PIN numbers or Social Security numbers in their entirety. Don’t open strange files or click on unverified links in emails, even if they’re coming from people you know. And make sure, for instance, that the URL for the site in which you’re about to type your sensitive information is legit and not a phishing site masquerading as the real thing.

IT administrators can and should conduct regular tests to see if employees are susceptible to these types of attacks. Repeated training and reminders can help lessen the impact of this type of attack on your company.
 

Don’t just throw away old tech

Do you store bank records, old electronic tax returns, 401(k) account details, password lists or other sensitive information on computer hard drives? Do you throw those computers out without taking steps to encrypt or wipe those drives?

Just because you’re done with something doesn’t mean that the bad guys are done with it. Sensitive data isn’t safe in a landfill — so take your old computers and storage drives to a place that safely recycles electronics instead. Or learn how to use old tech in the office.

Information theft is here to stay, but with a few extra precautions, you give yourself a much better chance of avoiding it, or at least minimizing the damage.

Strengthen your security

Take charge of your information's safety today.
 
Sarah Schmid
Sarah Schmid is a writer with more than 15 years of experience in the workforce, with stops including a newspaper newsroom, a political campaign office, and in a government public relations shop, where she became intimately familiar with the key issues that are affecting today’s worker. During her travels, she’s seen it all — horrible bosses, coworkers that have become lifelong friends, backstabbing rivals and great mentorship. She holds a bachelor’s degree in journalism from the University of Montana and is a resident of Detroit, which she proudly calls “the most fascinating city I’ve ever lived in.”