BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

What You Can Do to Prevent Cyber Attacks Targeting Employee Data

What You Can Do to Prevent Cyber Attacks Targeting Employee Data

Threat actors are targeting companies to obtain personal information about employees to use for tax fraud and filing false returns.  

Cyber Security

Your company stores all sorts of personally-identifiable data about your employees. Birth dates, social security numbers, health information, and bank account numbers are all on the shopping lists for hackers who can sell the information they steal or use it for malicious acts. One of the most sought-after documents by bad guys is tax records and tax forms.

These threat actors use that information to steal identities and file fake tax returns. Tax identity theft is the biggest type of ID theft reported to the Federal Trade Commission (FTC) each year. The FTC estimates the fraud at more than $5 billion annually.

Often, the victims aren’t aware anything has happened until they go to file their personal tax returns. They may try to file electronically, and have it rejected as a duplicate, or get a notice from the IRS saying there’s a problem. By then, the fraudsters are long gone.

How Do Hackers Steal Employee Data?

The most common way your employee data is breached is via phishing emails. Nearly a third of all data breaches and 78% of cyber-attacks started with a phishing email.

Hackers use email as a weapon to gain access to your systems. It may be as simple as sending an email asking employees to update their payroll information. Clicking on a malicious link can send that info to the wrong people. That’s exactly what happened to employees at the University of Kansas who soon found the direct deposit of their paychecks had been re-routed.

Other phishing emails may be targeted at individual employees using a variety of schemes to trick employees into giving up login credentials allowing cybercriminals to have access to company records. Other schemes may install malicious code when clicked and set up backdoors for hackers to access company computer networks. HR employees are also being targeted. A forged email may appear to come from a company executive or a third-party payroll processor asking for verification of information.

In an increasingly mobile society, hackers are gaining access to sensitive data when employees are connecting remotely to company servers without using proper security practices. When employees use public Wi-Fi, for example, they are vulnerable to man-in-the-middle attacks where threat actors intercept data as it’s being transmitted back and forth.

How To Prevent Becoming A Victim

Educating your employees about the dangers of phishing emails is a good place to start. One trillion phishing emails are being sent every year. While your company’s spam filters catch many of them, a significant number can slip through. Employees need to recognize the warning signs and everybody within your organization needs to take precautions to safeguard your data:

  • Install anti-virus and anti-malware software on all devices
  • Use strong passwords of 8 or more characters, numbers, and alphanumeric characters. Force changes regularly.
  • Encrypt all sensitive information
  • Back up sensitive information to a secure external source
  • Limit access to employee data with escalating security procedures
  • Require employees to install security software on all devices that access company data, including personal devices
  • Use Virtual Private Networks (VPNs) to encrypt data accessed remotely

It’s also important to keep all your software up-to-date. Hackers exploit what’s known as zero-day vulnerabilities in outdated software. These are known security problems that have been patched by the company. If the patches haven’t been applied by those using the software, hackers can exploit this known problem. That’s what happened to credit reporting agency Equifax, which saw hundreds of millions of records stolen when the company had failed to apply patches to known security issues.

Consider A Managed Service Provider

Even the best IT teams can be overwhelmed by managing all the various devices and entry points to their networks. They may not have the expertise needed to stay on top of constantly evolving threats and security practices.

A Managed Service Provider (MSP) can actively monitor a company’s servers, exchange servers, active directory servers, firewalls, routers, switches, and platforms remotely. This ensures software is always up-to-date and breaches are identified immediately.

An MSP will monitor your network traffic and incursion points 24/7 in a cost-effective way. In case there is a cyber-attack, an MSP can be your best weapon in identifying the threat, shutting it down, and building additional security walls to prevent future breaches.

More Like This

How Microsoft Dataverse Helps Your Organization Store and Manage App Data Securely

How Microsoft Dataverse Helps Your Organization Store and Manage App Data Securely Microsoft Dataverse is a software as a service (SaaS) solution capable of resolving wide-ranging data management and businesses’ storage issues. As an ever-increasing number of organizations generate a large amount of data, there is a need to manage it securely and efficiently. Thus, …

How Microsoft Dataverse Helps Your Organization Store and Manage App Data Securely Read More »

Read More

AA21-055A: Exploitation of Accellion File Transfer Appliance

Original release date: February 24, 2021 Summary This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[1] New Zealand,[2] Singapore,[3] the United Kingdom,[4] and the United States.[5][6] These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance (FTA).[7] This activity has impacted organizations globally, including …

AA21-055A: Exploitation of Accellion File Transfer Appliance Read More »

Read More

AA21-048A: AppleJeus: Analysis of North Korea’s Cryptocurrency Malware

Original release date: February 17, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency …

AA21-048A: AppleJeus: Analysis of North Korea’s Cryptocurrency Malware Read More »

Read More

How IT Consulting Companies Can Help Overcome Technology Challenges

How IT Consulting Companies Can Help Overcome Technology Challenges Information technology helps businesses of varying sizes to enhance operations and thrive. To maximize the benefits of technology, businesses often enlist the help of established IT consulting companies. With the assistance of highly skilled consultants, organizations empower themselves with the right tools to bolster innovation and overcome …

How IT Consulting Companies Can Help Overcome Technology Challenges Read More »

Read More

AA21-042A: Compromise of U.S. Water Treatment Facility

Original release date: February 11, 2021 Summary On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, …

AA21-042A: Compromise of U.S. Water Treatment Facility Read More »

Read More

Pros and Cons Of Outsourcing Your IT Support To A Managed Services Provider

Pros and Cons Of Outsourcing Your IT Support To A Managed Services Provider Paper or plastic? Cash or charge? MSP or in-house IT? There are many choices that you need to make on a daily basis, some personal and some related to keeping your business running. However, the last question can have a serious impact …

Pros and Cons Of Outsourcing Your IT Support To A Managed Services Provider Read More »

Read More