Part one of this series talked about identity thieves wanting your password, and we discussed ways to protect against having your passwords compromised. Securing your password seems to be only 25 percent of the battle these days. Many network security attacks and breaches, like the Heartland Breach, occurred from within. So it is important to be PCI Compliant internally and know who is working for you.
I wish there were a specific set of characteristics I could post to detect an identity thief, but unfortunately they are as broad as the criminal population itself. I like to divide attacks by criminals into two categories: internal security attacks and external security attacks.
Internal attacks are usually traced back to disgruntled, dishonest, and/or careless employees. Some common characteristics of an internal attack are:
Computer and data theft: An employee stealing a PC, laptop, memory stick, or external hard drive.
Desk snooping: Look out for employees snooping around a co-worker's desk for reminders and notes. Sometimes they might even ask a co-worker to look something up, to see whether that person happens to keep a sticky note with their password under a tissue box.
The roaming employee: This employee typically wanders around looking over cubicle walls and observing keys that other employees type.
External attacks are usually done by a person who has no direct access to the company or its website. These types of thieves are crafty. They come in many different forms and are always coming up with new ways to get into a website. Some examples of theft to look out for are:
Bogus websites: I have only recently learned about how these actually work. These websites ape legitimate sites. The design is so similar it can often fool the website owner himself. Consumers enter their personal information and the thief captures it for their own use.
Forceful attacks: The techies call this a brute force attack. This is where a computer is set up to methodically try every combination of letters, numbers, and symbols to break a password.
Web page hijackers: These savvy criminals load malicious code onto your computer. The code is designed to redirect your typed web address to another site. This can also cause you to be redirected to one offensive site after another.
Protecting your network and website against identity theft can be costly, but there are many cost-effective ways to secure your network from security breaches. Privacy protection laws require that customers be informed when their private information has been compromised. This notification alone can cost around $20 per customer. Better to be safe and secure now than pay the price later.