Fortress of protection: how organizations and individuals can safeguard against identity thieves

A wall.
(Image credit: Photo by Henry & Co. on Unsplash)

In today's world, it's easier than ever for criminals to steal personal information because of the COVID-19 pandemic. Many employees are working from home, which makes them more vulnerable to social engineering attacks. Moreover, sensitive information that was once protected by secure corporate networks is now accessible from unsecured home networks.

In addition to this, many companies are moving their operations online, and regulators are not yet enforcing remote security procedures. This means that valuable data can be accessed through devices on a primary home network, making it easier for cybercriminals to launch attacks.

Therefore, IT teams must educate and prepare their remote workforce to deal with these increasingly sophisticated attempts at identity theft.

Before we discuss how to protect against it, it's essential to understand the two main ways that cybercriminals steal identities.

A Techradar Choice for Best Identity Theft Protection

<a href="https://aurainc.sjv.io/c/221109/899264/12398?subId1=hawk-custom-tracking&sharedId=hawk&u=https%3A%2F%2Fbuy.aura.com%2Fsave-50" data-link-merchant="buy.aura.com"">A Techradar Choice for Best Identity Theft Protection Aura is an excellent choice thanks to its user friendly interface, antivirus service and detailed reporting dashboard. <a href="https://aurainc.sjv.io/c/221109/899264/12398?subId1=hawk-custom-tracking&sharedId=hawk&u=https%3A%2F%2Fbuy.aura.com%2Fsave-50" data-link-merchant="buy.aura.com"" data-link-merchant="buy.aura.com"">Save up to 50% with a special Techradar discount. 

Social engineering

Intruders who seek to perform identity theft usually start by using social engineering. This involves stealing minor information that is specific to the user they are targeting. They then use this information, along with intimidation tactics, to create a narrative with the user, such as requests from a bank or a trusted brand asking for verification or answers to security questions. Once the victim shares this information, the attacker can use it to take total control of the user’s online identity and cause chaos throughout the enterprise network.

Home network devices

With most, if not all, of the average workforce now being based at home, cybercriminals can bypass the more robust security of the physical office perimeter and find a way in through a less secure device sitting on the same home network as a company laptop or tablet. This is particularly concerning for banks and other financial organizations housing lucrative data. Once an attacker breaks into the network, they can move laterally throughout the network and do what they do best.

With these routes to identity theft acknowledged it’s up to IT teams to create strict procedures that enforce the best possible defense and ensure users accessing the network are equipped to correctly identify and mitigate threat attacks in the case that these defenses don’t work.

As always, the first and most effective thing IT leaders can do is create an atmosphere of caution amongst their colleagues. This means adopting a ‘zero trust’ approach to business communications - digital or otherwise. If users aren’t expecting an email asking for specific information, they should phone the sender to verify the request. That goes for any communication - if there is a second way of authenticating the person at the other end of the email or phone, it must become second nature. It is a straightforward method, but it’s also the most effective. It’s awareness like this, almost common sense, that is often lost as businesses scramble to digitize themselves. Despite all of the security solutions available, humans still play a pivotal role in defending or failing an organization. Attackers will remember this, but organizations often forget.

Another vital tool in any defense is multi-factor authentication. By requiring more than one set of data from a user looking to access sensitive files or networks, the chance of a successful breach due to identity theft is immediately reduced. So, if your online identity is stolen, multi-factor authentication acts as a final safety net. If you can’t identify somebody, you can’t authenticate them. If you can’t authenticate them, you can’t provide the correct actor privilege level - which is how these compromises typically occur.

Network segregation is a reliable way to prevent criminals from accessing and laterally moving through an enterprise network, having accessed it through a weak security point at a user’s home. By providing remote workers with a separate network dedicated entirely to their workloads, IT leaders can remove these new security blind spots - in the form of the connected home - and close one of the prime avenues used by those attempting identity theft.

Stay vigilant

Identity theft attempts and remote working practices are here to stay, though the idea of total protection is gone. Nobody can fully protect, and so we must instead focus on defending for the inevitable. Beyond the above actionable tips for combating identity theft, IT teams and their organizations must embrace a larger sense of vigilance, awareness, and consistency when composing themselves and interacting with others online.

More from TechRadar Pro

Bryan M Wolfe

Bryan M. Wolfe is a staff writer at TechRadar, iMore, and wherever Future can use him. Though his passion is Apple-based products, he doesn't have a problem using Windows and Android. Bryan's a single father of a 15-year-old daughter and a puppy, Isabelle. Thanks for reading!