The concept of identity has always fascinated me: it's tied to the way we define ourselves and relate to others. But I'm also constantly thinking about the ways in which we secure and manage digital identities -- and yes, that's because I'm the CEO and co-founder of a company focused on doing just that for companies around the world, but it's also because the way we think about identity is rapidly evolving. Not long ago, the primary way to prove your identity was through what you know (passwords). But today, you can also prove your identity through what you have (push notifications to your personal device) and who you are (biometric factors like fingerprints).
While targeting what you know has been a long-favored tactic of identity thieves, there's no question that their methods are becoming more sophisticated. Today, they're equally capable of targeting you through the devices you have and the biometric factors that make up who you are.
Taking time to understand these threats is the first step in making sure your team knows just how to secure their identities -- especially as more employees are using their personal devices to handle work tasks. Here are four ways identity thieves are trying to track down your company's sensitive information.
Note: The following was written by Alexa Daugherty and adapted with approval from YOU Magazine.
A Japanese study found that hackers can lift fingerprints from photos taken up to 10 feet away, giving thieves all they need to steal your identity. And it's not just fingerprints that hackers are going after. Apple's Face ID was touted as "secure and private," but a 10-year-old in New York recently found that, thanks to facial similarities, he could gain access to his mom's phone. His discovery leaves the door open for threat actors to not only potentially read texts or transfer personal funds, but expose sensitive company information stored on your phone.
For as little as .049 bitcoins (roughly $500, depending on the day), hackers can be paid to infiltrate personal computers and hold personal documents, tax returns, and photographs hostage until individual victims or large institutions pay up. U.S. hospitals were virtually held hostage by a ransomware attacker this year. The attacker demanded computer users to pay $300 to a bitcoin address to restore device access. Although personal information isn't always compromised through these attacks, it renders individuals and businesses helpless until they pay the ransom or risk losing the data have to rebuild the network.
Hackers know the word is out on phishing. They've also begun to SMiSh (SMS phishing). The term refers to "Trojan horse" text messages hackers will send to phones. When links or attachments inside the messages are opened, identity-stealing software can proceed to wreak havoc, recording passwords, fingerprints and financial data.
Wi-Fi routers are still posing problems, too. In 2008, one Santa Cruz couple began hacking into their neighbors' wireless internet routers. Over the next eight months, they created fake accounts and stole around $15,000 from more than two dozen acquaintances before neighbors pooled information and caught the couple. Hacking Wi-Fi is a criminal act, but it's actually not that difficult -- even protected Wi-Fi networks are vulnerable to attacks.
The problem with many of these hacks is that you don't know how much information was exposed until it's too late: Yahoo initially reported a data breach in 2016, but it wasn't until a year later that they realized 3 billion user accounts were exposed. We can learn from these lessons and realize that awareness of the potential threats is the first step to identifying and strengthening the weakest link in our security chain.