BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

What You Can Do to Prevent Cyber Attacks Targeting Employee Data

What You Can Do to Prevent Cyber Attacks Targeting Employee Data

Threat actors are targeting companies to obtain personal information about employees to use for tax fraud and filing false returns.  

Cyber Security

Your company stores all sorts of personally-identifiable data about your employees. Birth dates, social security numbers, health information, and bank account numbers are all on the shopping lists for hackers who can sell the information they steal or use it for malicious acts. One of the most sought-after documents by bad guys is tax records and tax forms.

These threat actors use that information to steal identities and file fake tax returns. Tax identity theft is the biggest type of ID theft reported to the Federal Trade Commission (FTC) each year. The FTC estimates the fraud at more than $5 billion annually.

Often, the victims aren’t aware anything has happened until they go to file their personal tax returns. They may try to file electronically, and have it rejected as a duplicate, or get a notice from the IRS saying there’s a problem. By then, the fraudsters are long gone.

How Do Hackers Steal Employee Data?

The most common way your employee data is breached is via phishing emails. Nearly a third of all data breaches and 78% of cyber-attacks started with a phishing email.

Hackers use email as a weapon to gain access to your systems. It may be as simple as sending an email asking employees to update their payroll information. Clicking on a malicious link can send that info to the wrong people. That’s exactly what happened to employees at the University of Kansas who soon found the direct deposit of their paychecks had been re-routed.

Other phishing emails may be targeted at individual employees using a variety of schemes to trick employees into giving up login credentials allowing cybercriminals to have access to company records. Other schemes may install malicious code when clicked and set up backdoors for hackers to access company computer networks. HR employees are also being targeted. A forged email may appear to come from a company executive or a third-party payroll processor asking for verification of information.

In an increasingly mobile society, hackers are gaining access to sensitive data when employees are connecting remotely to company servers without using proper security practices. When employees use public Wi-Fi, for example, they are vulnerable to man-in-the-middle attacks where threat actors intercept data as it’s being transmitted back and forth.

How To Prevent Becoming A Victim

Educating your employees about the dangers of phishing emails is a good place to start. One trillion phishing emails are being sent every year. While your company’s spam filters catch many of them, a significant number can slip through. Employees need to recognize the warning signs and everybody within your organization needs to take precautions to safeguard your data:

  • Install anti-virus and anti-malware software on all devices
  • Use strong passwords of 8 or more characters, numbers, and alphanumeric characters. Force changes regularly.
  • Encrypt all sensitive information
  • Back up sensitive information to a secure external source
  • Limit access to employee data with escalating security procedures
  • Require employees to install security software on all devices that access company data, including personal devices
  • Use Virtual Private Networks (VPNs) to encrypt data accessed remotely

It’s also important to keep all your software up-to-date. Hackers exploit what’s known as zero-day vulnerabilities in outdated software. These are known security problems that have been patched by the company. If the patches haven’t been applied by those using the software, hackers can exploit this known problem. That’s what happened to credit reporting agency Equifax, which saw hundreds of millions of records stolen when the company had failed to apply patches to known security issues.

Consider A Managed Service Provider

Even the best IT teams can be overwhelmed by managing all the various devices and entry points to their networks. They may not have the expertise needed to stay on top of constantly evolving threats and security practices.

A Managed Service Provider (MSP) can actively monitor a company’s servers, exchange servers, active directory servers, firewalls, routers, switches, and platforms remotely. This ensures software is always up-to-date and breaches are identified immediately.

An MSP will monitor your network traffic and incursion points 24/7 in a cost-effective way. In case there is a cyber-attack, an MSP can be your best weapon in identifying the threat, shutting it down, and building additional security walls to prevent future breaches.

More Like This

Are You Ready For Pandemic 2.0?

Will We Have Another Wave Of COVID-19? Dr. Anthony Fauci has made clear that he is almost certain the novel coronavirus will come back in the fall. Even so, a whopping 42% of CFOs don’t have a plan for what to do if the pandemic and accompanying shutdowns hit yet again. Don’t wait until fall hits to start …

Are You Ready For Pandemic 2.0? Read More »

Read More

AA20-133A: Top 10 Routinely Exploited Vulnerabilities

Original release date: May 12, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by …

AA20-133A: Top 10 Routinely Exploited Vulnerabilities Read More »

Read More

AA20-126A: APT Groups Target Healthcare and Essential Services

Original release date: May 5, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC continue to see indications that advanced persistent threat (APT) groups are exploiting the Coronavirus Disease 2019 …

AA20-126A: APT Groups Target Healthcare and Essential Services Read More »

Read More

Is this a new version of Nefilim Ransomware or something different?

Original release date: May 5, 2020 Summary A possible new variant or maybe a different tactic now being used by the Nefilim Ransomware Background As noted originally by the BleepingComputer the ransomware going by the name of Nefilim came to be around the end of February2020. While these threat actors originally deployed a Tor Payment …

Is this a new version of Nefilim Ransomware or something different? Read More »

Read More

How to Use Microsoft Teams

How to Use Microsoft Teams Technology Microsoft Teams has quickly become one of the most popular tools businesses are using as employees have migrated to working from home. How can your business best use Teams and its features to keep employees connected and productive during the COVID-19 pandemic? What Is Microsoft Teams? Microsoft Teams is …

How to Use Microsoft Teams Read More »

Read More

AA20-120A: Microsoft Office 365 Security Recommendations

Original release date: April 29, 2020 Summary As organizations adapt or change their enterprise collaboration capabilities to meet “telework” requirements, many organizations are migrating to Microsoft Office 365 (O365) and other cloud collaboration services. Due to the speed of these deployments, organizations may not be fully considering the security configurations of these platforms. This Alert …

AA20-120A: Microsoft Office 365 Security Recommendations Read More »

Read More