Credential theft can be the worst nightmare for your business, especially if you deal in sensitive client data and information. No business is immune. This theft is done by perpetrators that want the security credentials, namely names and passwords, to access private information like payment accounts and social security numbers. Knowing the key ways these thieves get the information can help you take steps to avoid credential theft.
Red Flag #1: Phishing
Most people are aware of phishing scams. There are several ways these may play out. They may spoof your official website with one that looks almost identical and has a very similar address. Then, when your clients or employees login, the info ends up in the thief's hands. A similar scam is done by sending official-looking emails with requests for personal information.
Phishing can also happen over the phone. Scammers may call clients and pose as one of your employees, requesting sensitive information. These scammers may even call your employees and pose as a superior or IT tech in need of login information.
Fighting back: There are ways to fight back. For example, buying up similar domain names or those that feature common misspellings can minimize accidental logins to phishing sites. You should also make it clear to employees and frequently remind customers not to give out sensitive info over the phone or via email unless they initiated the call.
Red Flag #2: Key Loggers
A key logger is a malware program that captures the keystrokes and input on a computer. They are often downloaded to a computer unbeknownst to the user, perhaps through a website or from an email attachment. These can affect both client computers and your company's computers.
Key loggers may also end up installed directly on your website instead of on an individual computer, generally as part of a larger hacking attempt. This means all users of the website are losing their private information when they login to your site.
Fighting back: Implementing a good virus and malware detection software program on your company computers helps prevent key loggers from accessing in-house information. You may also want to consider banning employees from logging in from personal computers, and assigning laptops to those that must take work home. These computers should be subject to frequent checks to make sure they are clean. There are also encryption programs that you should consider adding to your company internet portals that may be able to confound key loggers and protect your clients. Contact an IT security firm for more help.