A disturbing story came out recently involving Magnolia Health Corporation (MHC). A cyber criminal used the CEO’s email to send out a fraudulent message to employees. By posing as the CEO, the criminal was able to ask for a spreadsheet containing sensitive data about MHC employees; the information included Social Security Numbers, addresses, birthdays and salaries, along with employee names.
The story highlights two kinds of vulnerabilities businesses face when it comes to data breaches: hacking and impersonation.
Hacking usually involves some kind of technological know-how, but not always. For example, someone can gain access to an email or social media account by correctly guessing the answers to password recovery questions; they don’t need to have any programming knowledge.
There are a variety of tools available to better protect your business against hacking. However, the second vulnerability mentioned here – impersonation – is more difficult to guard against through purely technological means.
Safeguarding against impersonation
Impersonators can try to gain access to sensitive data in several ways. They may show up at your office, or call you or email you while posing as tech support for a computing device or piece of software. As in the story involving MHC, they may also pretend they’re someone you know and work with. They may not even need to hack into anyone’s email to accomplish this ruse.
Safeguards against impersonations include the following:
- Stop to think and evaluate a situation before handing over sensitive information to another person.
- Listen to your instincts if something tells you that a person or situation seems fishy.
- Double-check credentials and contact other people to verify an individual’s identity.
- If you find out that an email or social media account has gotten hacked, let people as soon as possible to warn them.
- Establish and enforce protocols for how employees should handle and transmit sensitive information.
Part of our IT consulting services involves helping you set up data protection safeguards and promote good cyber security habits among your employees. Don’t hesitate to contact us for assistance and advice. And always keep in mind that impersonations are a cunning strategy that cyber criminals use to get their hands on your confidential data.