Fortress of protection: how organizations and individuals can safeguard against identity thieves
Shielding against identity theft in a post-pandemic world
In today's world, it's easier than ever for criminals to steal personal information because of the COVID-19 pandemic. Many employees are working from home, which makes them more vulnerable to social engineering attacks. Moreover, sensitive information that was once protected by secure corporate networks is now accessible from unsecured home networks.
In addition to this, many companies are moving their operations online, and regulators are not yet enforcing remote security procedures. This means that valuable data can be accessed through devices on a primary home network, making it easier for cybercriminals to launch attacks.
Therefore, IT teams must educate and prepare their remote workforce to deal with these increasingly sophisticated attempts at identity theft.
Before we discuss how to protect against it, it's essential to understand the two main ways that cybercriminals steal identities.
A Techradar Choice for Best Identity Theft Protection Aura is an excellent choice thanks to its user friendly interface, antivirus service and detailed reporting dashboard. Save up to 50% with a special Techradar discount.
Social engineering
Intruders who seek to perform identity theft usually start by using social engineering. This involves stealing minor information that is specific to the user they are targeting. They then use this information, along with intimidation tactics, to create a narrative with the user, such as requests from a bank or a trusted brand asking for verification or answers to security questions. Once the victim shares this information, the attacker can use it to take total control of the user’s online identity and cause chaos throughout the enterprise network.
Home network devices
With most, if not all, of the average workforce now being based at home, cybercriminals can bypass the more robust security of the physical office perimeter and find a way in through a less secure device sitting on the same home network as a company laptop or tablet. This is particularly concerning for banks and other financial organizations housing lucrative data. Once an attacker breaks into the network, they can move laterally throughout the network and do what they do best.
With these routes to identity theft acknowledged it’s up to IT teams to create strict procedures that enforce the best possible defense and ensure users accessing the network are equipped to correctly identify and mitigate threat attacks in the case that these defenses don’t work.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
As always, the first and most effective thing IT leaders can do is create an atmosphere of caution amongst their colleagues. This means adopting a ‘zero trust’ approach to business communications - digital or otherwise. If users aren’t expecting an email asking for specific information, they should phone the sender to verify the request. That goes for any communication - if there is a second way of authenticating the person at the other end of the email or phone, it must become second nature. It is a straightforward method, but it’s also the most effective. It’s awareness like this, almost common sense, that is often lost as businesses scramble to digitize themselves. Despite all of the security solutions available, humans still play a pivotal role in defending or failing an organization. Attackers will remember this, but organizations often forget.
Another vital tool in any defense is multi-factor authentication. By requiring more than one set of data from a user looking to access sensitive files or networks, the chance of a successful breach due to identity theft is immediately reduced. So, if your online identity is stolen, multi-factor authentication acts as a final safety net. If you can’t identify somebody, you can’t authenticate them. If you can’t authenticate them, you can’t provide the correct actor privilege level - which is how these compromises typically occur.
Network segregation is a reliable way to prevent criminals from accessing and laterally moving through an enterprise network, having accessed it through a weak security point at a user’s home. By providing remote workers with a separate network dedicated entirely to their workloads, IT leaders can remove these new security blind spots - in the form of the connected home - and close one of the prime avenues used by those attempting identity theft.
Stay vigilant
Identity theft attempts and remote working practices are here to stay, though the idea of total protection is gone. Nobody can fully protect, and so we must instead focus on defending for the inevitable. Beyond the above actionable tips for combating identity theft, IT teams and their organizations must embrace a larger sense of vigilance, awareness, and consistency when composing themselves and interacting with others online.
More from TechRadar Pro
- Here's our list of the best secure router on the market
- Check out our list of the best VPN services on the market
- We've built a list of the best encrypted messaging services around
- We've also highlighted the best password manager
Ricky Magalhaes is an international cyber-security expert, evangelist and strategist Ricky has been practising for the past 20+ years working with the world’s leading brands. Ricky sold his cyber security company in 2005 and joined the leadership of a large SI in the UK which was sold to the Datatec group (Logicalis) in Feb 2012. Ricky leads the security division at Logicalis and is responsible for together with the leadership building the strategy for the European cyber security operations.