Every person has a unique footprint. Each foot has a unique set of ridges that make one person’s distinct from another. When a person walks in the sand, a unique impression is embedded into the surface until wind, rain, or waves wash it away forever. When employees interact online, there is also a unique, digital footprint of information left behind. This individualized identity is crafted and revised based on attributes and characteristics of user behavior captured both within the organization and externally as they interact online. Even when an employee leaves, their digital footprints (i.e., identity) never disappear completely.
Employees posting on social media platforms isn’t necessarily a bad thing, but when confidential information or an organization’s IP is at risk, that is another story. Companies need policies and procedures clearly outlined within the organization for all employees to adhere to and respect. Here’s why.
If a hacker has access to an employee’s PC or smartphone, they start with their search history (employee browsing habits), which form pieces to a puzzle when targeting a corporation. Much of this information has geo-location data, which can be useful in physical break-ins to steal IP or to simply place malware directly onto a local PC network for monitoring and collecting login credentials. The risk level of such actions is only magnified when those attacked are privileged users with administrative privileges.
Sizing Up the Enemy
There are many strains of malware (malicious software), but one of the most invasive and effective is the keylogger: spyware that secretly logs every keystroke you make on your keyboard. It’s like allowing a hacker to look over your shoulder all day to see your login credentials, passwords, banking information, credit card data, and your most intimate messages to loved ones. And it doesn’t matter whether your messaging platform is fully encrypted because keyloggers allow hackers to see every keystroke before it even reaches the other party.
Keyloggers began as discreet hardware that employers or suspicious spouses might use to verify a hunch. The original hardware implementations came in the form of USB sticks that required physical access to the user’s computer so most hackers were not so keen on using them. Modern keyloggers come in the form of spyware, but how does it get on your computer?
The most common ways to get keyloggers onto any PC are through phishing, email attachments, file sharing sites, or bundling the keylogger with other software. All of these methods involve some degree of social engineering so unknown or unvented sources should always be avoided when possible. How can you tell if a keylogger is installed on your PC?
One telltale sign of an installed software keylogger (or other form of malware) on your PC is slower than usual web browsing, mouse clicks or keystrokes that sometimes pause before showing up on the screen. So how can you protect yourself?
Protecting Your Digital Footprints
One way to reduce such risk is by using a trusted malware scanner. Most malware (including keyloggers) will be detectable by any up-to-date security software. I always recommend using two-step verification. If your login credentials are compromised, the additional step of requiring physical access to another device will further protect you. Using a solid password manager also helps. Password manager tools will automatically input your passwords for you so there are typically no keystrokes available for a keylogger to record. Even as a consumer who performs online banking, online shopping, and inputting other personal data, you should consider using anti-keylogging software. That’s right, there’s a new breed of cybersecurity defense systems in the form of anti-keyloggers. This software resides unobtrusively on any PC and encrypts every single keystroke BEFORE it even hits the screen.
Anti-keylogging software is just one way to help reduce vulnerabilities. There are many other traditional ways such as blacklisting specific executables or websites to reduce risk. The newer trend is around whitelisting: only allowing approved executables and websites to be accessed by employees. There are also a variety of other anti-virus and malware solutions on the market. Bottom line is, there is no one perfect way to reduce your cybersecurity risk; organizations need a multi-pronged approach.
Hackers have identified the value of “stealing” employee identities for malicious activities. It is now time that organizations and employees themselves focus on protecting their digital footprints to reduce vulnerabilities. Organizations and their employees need to be proactive in educating everyone on best security practices, as well as implementing strategies to actively combat growing threats such as malware and keyloggers.