How VPNs can prevent identity theft in a business
In the first six months of 2017, there were 89,000 recorded cases of identity fraud in the UK and of these, 83% were perpetrated online. The actual number of cases related to identity fraud is likely to be much, much higher.
According to Simon Dukes, the chief executive of Cifas – the UK’s leading fraud prevention service – identity theft is “reaching epidemic levels” and becoming an increasingly common problem in the UK.
Indeed, identity fraud is one of the fastest-growing types of cyber crime. Fraudsters, empowered by new digital technologies, are using more sophisticated tactics to obtain identity information such as hacking into email accounts and intercepting data in transit.
In many of these cases, victims do not even realise they have been targeted or are a victim of identity theft until they receive a bill for a product they never bought or money has been siphoned from their bank account, for instance.
Amongst the most targeted groups for identity theft are company directors. Using the UK’s Companies House as a resource, fraudsters have been able to target top level employees en masse. Company directors are, according to the Financial Times, “twice as likely as other members of the public to be victims of identity theft.”
Indeed, identity theft and business go hand in hand. As a result of the number identity theft cases involving company directors, the government has introduced new laws to protect company directors from identity fraud. These laws make it easier for company directors to remove personal addresses from the company register on Companies House, while ensuring transparency.
All businesses – particularly small and medium-sized businesses (SMBs) – are at risk of identity theft. Cyber criminals see more opportunities with SMBs because they may believe they are too small to be targeted, have nothing worth stealing, or nothing to lose. As a result, many SMBs do not invest in robust online security and are surprised when they are targeted by cyber criminals or find out that C-level executives have been impersonated.
How can hackers obtain identity information from your employees?
Now more than ever, and especially for SMBs, having some form of online security to prevent identity theft is crucial. Throughout the day, you and your employees access your business cloud and cloud-based services from the office, at home or remotely. While your business’ office connections are secure (if they are not, they should be!) and can only be accessed by authorised employees, home and remote connections may not have been configured to ensure the same level of security.
- Public WiFi
Unsecured public WiFi connections, such as those found at an airport, café or coffee shop, for example, can be used and accessed by anyone as they have no security protocols enabled i.e. WPA, WPA2, WEP. What this means is that any device can connect to the network, and any connected device can easily “eavesdrop” on the data communications being sent to and from devices.
- Rogue hotspots
Referred to by security experts as a “Man-in-the-Middle” attack, hackers set up fake (but legitimate-sounding) public WiFi connections – referred to as “rogue hotspots” – and wait for you to connect. The moment you connect, they will instantly have access to your device. Alternatively, hackers can sit on public WiFi networks and eavesdrop on communications to and from devices on the network to siphon crucial data and device information.
- Home networks
Similarly, employees who are not “tech savvy” may not necessarily have set up their home WiFi network with a security protocol (WPA, WPA2, WEP) or used media access control (MAC) addresses – unique identifiers given to devices – to allow specific devices access. They purchase a new modem and router, hook them up, enable the WiFi and connect. The unfortunate result, however, is that anyone can access the network – in this instance, a hacker – and “listen in” on communications.
Another tactic hackers use on unsecured connections is “sniffing”. Sniffing involves capturing, decoding, and analysing the information inside a network packet on a transmission control protocol/internet protocol (TCP/IP) network. TCP/IP packets contain vital information required for two network interfaces to communicate with each other, so a sniffer attack is where a hacker captures these packets to find out information like passwords, account information and other important details.
Using VPNs to prevent identity theft in your business
If you aren’t scared by all of the above – you should be. Identity theft is a real concern for you, your employees and your business. For too long businesses – SMBs in particular – have buried their heads in the sand and convinced themselves that online security isn’t essential.
The above issues can, however, be mitigated with a VPN service or solution that’s tailored to meet your business’ needs – if you want to find out more about VPN services and their benefits, click here.
A VPN offers a secure way to connect to the Internet and encrypts all the data transferred between a device/machine and the VPN server. What this means is that anyone attempting to look at the data being sent to and from your computer will find that they can’t because it’s encrypted – only your device and the VPN server have the encryption and decryption keys.
By using a VPN whilst connected to an unsecured network, you ensure that any data you send is encrypted and private and therefore protected. Passwords, login details, identity information, device information – you name it – your crucial details are protected when you use a VPN.
If your employees work at home or remotely, deploying a VPN solution for your business to prevent identity theft is most certainly a step in the right direction.
In our eBook, Dispelling the cyber security delusion in small businesses, we address the online risks SMBs expose themselves to by not having appropriate online security or a VPN to protect their employees and critical business data in transit.