Hackers are constantly looking for system vulnerabilities in order to plant spyware, malware and ransomware on unsuspecting computers, thus allowing them to infiltrate networks and steal data. They spend considerable time and resources writing new virus codes that can sneak past firewalls and antivirus programs. In fact, it's estimated that about 10,000 new threats are discovered every hour, over 200,000 new malware definitions show up globally each day.
Fortunately, security firms have gotten very good at thwarting most cybercrime attempts. If — and it is a very big if — your firewall and antivirus software are constantly monitored and updated, and your organization adheres to some basic data security best practices, then the chances of getting your system compromised digitally via the Internet can be minimized.
RELATED: 5 Key Principles for Data Security
A far more likely way that crooks get their hands on proprietary data, even in today’s Digital Age, is by using very low tech analog techniques such as simply walking into an office or cubicle and physically stealing it. Read on to learn more about these common low-tech hacking techniques so that you can better protect your data.
Desk Security Often Overlooked
With all the time and energy devoted to securing our computers and virtual desktops, the actual desks in our offices or workspaces often get overlooked as a source of valuable protected information (PI). White hat hackers — as they are sometimes referred to — have a much higher success rate than their online counterparts.
In a research experiment conducted by the Ponemon Institute and sponsored by 3M and the Visual Privacy Advisory Council, researchers posing as legitimate workers were able to visually hack sensitive information, such as passwords and usernames. They simply walked through an office during work hours and used a variety of low tech methods.
As they ostensibly performed work duties in the study office, researchers were able to take documents labeled as confidential from desktops, or in some cases, use a smartphone to take photos of data displayed on computer monitors. These thefts were done in full view of other office workers, and 70 percent of the time the visual hacker was not stopped by employees, even when using a smartphone to take a photo of data displayed on a screen.
Even when they were questioned by others, the faux thieves were still able to steal an average of 2.8 pieces of sensitive data. When they were not questioned, they obtained an average of 4.3 pieces of data.
The Human Factor
All the surveillance technology and firewalls in the world cannot help keep your data secure if lax office habits prevail. It would be like buying the best alarm system money can buy, and then simply leaving your keys in your car.
Although your IT department or your managed services provider (MSP) can set up and monitor a first class security system, it can be quickly negated by leaving your password on a sticky note taped to your monitor, or even hidden under your keyboard.
Data thieves have been known to impersonate service personnel such as janitors and maintenance men in order to gain entry to offices after working hours. Printer and network access cards left on a desktop are prime targets for data thieves.
Just some of the types of hard copy data often left on unattended desktops in plain view of prying eyes include:
- Day planners
- Business plans
- Client contracts with billing terms
- Financial statements
One of the first places that data thieves look for pieces of information are printer trays. There are simple technological ways to avoid leaving sensitive printed material in an output tray, such as using secure pull printing. With pull printing, users must be physically present at the printer to punch in a code, or use an access card, before their documents can be printed.
This greatly reduces the chances of sensitive documents sitting unattended in the output tray. Never the less, employees should always be on guard against visual hacking in the office. Remember to secure those access cards and sensitive documents — and, for goodness sake, ditch the sticky note method in favor of a more secure way to manage login credentials and passwords.
Always ensure that considerations regarding both virtual and physical security are included in your technology road map, which must be updated on a regular basis. To get started on your own technology road map, check out our free white paper, 4 Key Elements to Consider When Building Your Technology Road Map.
Need some help implementing data security best practices in your office? Contact us for a complimentary assessment and your customized action plan.