We all use our work email address and password (with some variation) to access the tools to run our business and personal lives. As you can now see, with only an email address, a password and a search engine, the bad guys can perfectly spearfish, social engineer, hack, exploit or just flat out start opening credit cards in your or your business’s name.
Because regulatory agencies won’t prevent access to our online data for the foreseeable future, and because hackers will never stop hacking, the only way to fight this battle is through education, monitoring and alerting. It’s time we all stop thinking, “it will never happen to me.” If it does and goes undetected, by the time you find out it will most certainly be too late.
Take control of your digital credentials.
Make employer-paid identity monitoring part of your cybersecurity defense.
Chances are, you’ve come across cleverly-crafted ads on sites like CNN.com, Facebook, Yahoo and others that say something like, “Use this site to find out anything… about anyone.” If you are like most good citizens, you probably passed up on the opportunity to use one of these sites to dox, or to search for and publish private or identifying information about an individual on the Internet, typically with malicious intent. Good for you!
Unfortunately, maliciously-minded individuals and well-funded organized crime syndicates don’t believe in the 11th Commandment: Thou shalt not use publicly-available data to exploit, social engineer, embarrass, bankrupt or destroy a person or organization.
Before reading any further, take a minute to do a quick search on yourself and your loved ones using 1-2 of the sites listed below. This is in no way an endorsement of these sites and how they use their access to publicly-available information, but rather for demonstration and educational purposes.
- www.truepeoplesearch.com/ – Enter your name, city and state
- pipl.com – Enter your name, city and state
- www.spokeo.com/email-search – Enter your email address
These are just a few of the ~200 sites on the “surface web” that leverage virtually unregulated access to publicly-available information.
Stealing a person’s identity can be a relatively low-tech activity that just about anyone with access to a web browser can perfect. One doesn’t need to don the ubiquitous hacker hoodie and camp-out on the Dark Web to wreak havoc on you and your business. Thanks to weakened privacy laws, access to “public information,” and the explosion in big data aggregation technologies, your average unsuspecting adult is highly at risk. We can now safely say that, if it hasn’t already happened to you or someone you know, the bomb is ticking…
Why is this issue worse for you and your customers?
According to the Small Business Administration, there are roughly 28 million “small businesses” in the United States. The U.S. Census Bureau says that 99.7% of employers have fewer than 500 employees. Additionally, 89.4% of them have fewer than 20 employees. These businesses and their employees fall below what we at ID Agent have coined, the “cyber poverty line.” Meaning, their general awareness of how vulnerable they really are, and lack of access to security tools, training and education makes them perfect targets for exploit.
Combine this with the fact that most people have completely integrated their personal and professional identities online, an exploit becomes far too easy for the bad guys.
Everything about you and your business is being tracked online and harvested into big data repositories.
The bad actors know that you, your customers and their employees can be careless with personal information.
They also know that you likely have higher credit card limits and credit lines, and access to a ton of valuable personal information, intellectual property and business secrets.
And, because you and your employees may have poor cyber hygiene habits, like using your work email and rotating 2 or 3 passwords you can easily remember, your breachability score is off the charts!