Security Behaviour Database
/

Data Theft

Data theft is the intentional stealing of data.

Behaviours

SB013: Reports known or suspected security incidents

SB013: Reports known or suspected security incidents

Reporting known or suspected security incidents helps protect people as well as their place of work. If the ...

SB017: Blocks browser pop-ups

SB017: Blocks browser pop-ups

Most web browsers come with a range of security options. One option is to automatically block pop-ups. Enabling ...

SB023: Enables firewalls on all compatible devices

SB023: Enables firewalls on all compatible devices

A firewall is a set of virtual rules that help prevent malicious applications from communicating with a device. ...

SB023a: Enables firewalls on all compatible workplace devices

SB023a: Enables firewalls on all compatible workplace devices

A firewall is a set of virtual rules that help prevent malicious applications from communicating with a device. ...

SB024: Enables auto-updates for workplace devices (if permitted)

SB024: Enables auto-updates for workplace devices (if permitted)

Software updates reduce exposure to known security vulnerabilities. Most devices can be set to auto-update when ...

SB025: Enables Google Play Protect (Android devices only)

SB025: Enables Google Play Protect (Android devices only)

Google Play Protect should be enabled on all Android devices. With Google Play Protect enabled, apps downloaded ...

SB025a: Enables Google Play Protect on all workplace devices (Android devices only)

SB025a: Enables Google Play Protect on all workplace devices (Android devices only)

Google Play Protect should be enabled on all workplace Android devices. With Google Play Protect enabled, apps ...

SB025b: Enables Google Play Protect on all personal devices (Android devices only)

SB025b: Enables Google Play Protect on all personal devices (Android devices only)

Google Play Protect should be enabled on all personal Android devices. With Google Play Protect enabled, apps ...

SB026: Restricts the number of users with administrator privileges, and uses the administrator accounts only where necessary

SB026: Restricts the number of users with administrator privileges, and uses the administrator accounts only where necessary

User accounts have fewer privileges than administrator accounts. User accounts deny malware escalated permissions. ...

SB031: Runs anti-virus scan if a new, unexpected icon or pop-up appears on the desktop

SB031: Runs anti-virus scan if a new, unexpected icon or pop-up appears on the desktop

Unexpected icons or pop-ups on a computer’s desktop can indicate malware. Running an antivirus scan can help ...

SB032: Does not insert unauthorised devices/media into work devices/network

SB032: Does not insert unauthorised devices/media into work devices/network

Malicious USB (or other plug-in) devices can be used in cyber attacks. They can be used to upload malware, steal ...

SB035: Changes default passwords (if possible) on all internet-connected devices

SB035: Changes default passwords (if possible) on all internet-connected devices

Internet-connected or “smart” devices are often protected with default passwords. Many of these passwords ...

SB036: Secures devices with automatic screen locks

SB036: Secures devices with automatic screen locks

Devices can be protected with screenlocks (like pins, patterns and passwords). This can help prevent unauthorised ...

SB036a: Secures mobile devices with automatic screen locks

SB036a: Secures mobile devices with automatic screen locks

Mobile devices (e.g. phones and tablets) can be protected with screenlocks (like pins, patterns and passwords). ...

SB036b: Secures laptop and desktop devices with automatic screen locks

SB036b: Secures laptop and desktop devices with automatic screen locks

Laptops and desktops can be protected with screenlocks (like pins, patterns and passwords). This can help prevent ...

SB037: Locks devices when they're not in use

SB037: Locks devices when they're not in use

Locking devices when not in use prevents unauthorised access. This is especially important in common areas, such ...

SB037a: Locks mobile devices when they're not in use

SB037a: Locks mobile devices when they're not in use

Locking mobile devices when not in use prevents unauthorised access. This is especially important in common areas, ...

SB037b: Locks laptop or desktop device when not in use

SB037b: Locks laptop or desktop device when not in use

Locking laptops and desktops when not in use prevents unauthorised access. This is especially important in common ...

SB038: Shuts down devices when not in use

SB038: Shuts down devices when not in use

Shutting down a device when not in use ensures a second password is required to access it.

SB039: Turns off Bluetooth when mobile device not in use

SB039: Turns off Bluetooth when mobile device not in use

Bluetooth can be used to access devices. Turning Bluetooth off when not in use conserves battery and improves ...

SB040: Uses a virtual private network (VPN) on mobile devices

SB040: Uses a virtual private network (VPN) on mobile devices

A VPN encrypts the data sent to and from devices over the internet, preventing it being read in transit. They ...

SB041: Enables a VPN when using public Wi-Fi

SB041: Enables a VPN when using public Wi-Fi

Data sent over a public Wi-Fi network is at greater risk of being intercepted. A Virtual Private Network (or VPN) ...

SB042: Uses tethered mobile device to avoid using insecure Wi-FI

SB042: Uses tethered mobile device to avoid using insecure Wi-FI

Tethering to a mobile device is more secure than using public Wi-Fi without a VPN. 3G and 4G connections are both ...

SB043: Disables "automatically connect to Wi-Fi" on mobile devices

SB043: Disables "automatically connect to Wi-Fi" on mobile devices

Allowing devices to automatically connect to public Wi-Fi increases the chance of data being intercepted.

SB044: Enables encryption

SB044: Enables encryption

Encrypting a device prevents the data on the device from being accessed should the device be lost or stolen. Some ...

SB046: Securely removes data from devices before decommissioning

SB046: Securely removes data from devices before decommissioning

Data should be securely removed from all devices (e.g. laptops and mobile phones) before they are decommissioned. ...

SB049: Covers webcam when not in use

SB049: Covers webcam when not in use

Devices that have been compromised can have their webcams accessed. To limit further breaches to privacy and data, ...

SB063: Checks security credentials of unknown persons at work

SB063: Checks security credentials of unknown persons at work

Individuals should check the security credentials of unknown people they come into contact with in the workplace. ...

SB064: Prevents tailgating at security checkpoints

SB064: Prevents tailgating at security checkpoints

When passing through security checkpoints, people should check they are not being followed by others who do not ...

SB065: Does not share security passes or access tokens

SB065: Does not share security passes or access tokens

Sharing security passes even with "trusted" contacts creates risk. People should only ever use security passes ...

SB066: Escorts visitors to ensure they follow security policies

SB066: Escorts visitors to ensure they follow security policies

Visitors should be escorted according to organisational policies. This reduces the risk of unauthorised access to ...

SB069: Reports lost or stolen devices to IT or Security team

SB069: Reports lost or stolen devices to IT or Security team

Lost or stolen devices should be reported immediately. This allows the device to be locked or remotely wiped to ...

SB074: Uses a private browsing on shared devices

SB074: Uses a private browsing on shared devices

If workplace devices are shared between colleagues, private browsing should be enabled by default. This means ...

SB080: Verifies caller details from unexpected calls

SB080: Verifies caller details from unexpected calls

Criminals sometimes use phone calls to try and elicit sensitive information from people. This is called 'Vishing'. ...

SB081: Checks instant messages for signs of deception

SB081: Checks instant messages for signs of deception

Criminals will often use instant messaging (e.g. Whatsapp, Facebook and Slack) as an attack vector. Unexpected ...

SB082: Uses known contact details to verify suspicious messages

SB082: Uses known contact details to verify suspicious messages

Contact details can be spoofed. Receiving a message that breaks any norms should be met with suspicion. Using ...

SB083: Checks before “blindly” forwarding messages to workplace contacts

SB083: Checks before “blindly” forwarding messages to workplace contacts

Messages from workplace contacts are more likely to be trusted than messages from other sources. Forwarding ...

SB087: Reports suspicious messages (e-mails, texts, phone calls)

SB087: Reports suspicious messages (e-mails, texts, phone calls)

Suspicious messages received via email, text or phone should be reported to a single point of contact. This allows ...

SB088: Checks emails for signs of deception

SB088: Checks emails for signs of deception

Criminals will often use emails as an attack vector. Unexpected emails should always be checked for malicious ...

SB089: Does not share MFA codes

SB089: Does not share MFA codes

Doesn't share MFA codes (including verfication codes and OTPs) with other people, preventing them from accessing ...

SB091: Does not forward work information to personal email addresses

SB091: Does not forward work information to personal email addresses

Does not forward any work-related emails to their personal email addresses. This ensures that sentisive ...

SB092: Returns allocated devices when no longer needed

SB092: Returns allocated devices when no longer needed

Returns allocated office equipment when no longer needed. This prevents idle devices from going into the wrong ...

SB094: Does not use personal devices for work unless authorised to do so

SB094: Does not use personal devices for work unless authorised to do so

Has separate work and personal devices. Only uses personal devices for work if authorised by the employer, using ...

SB095: Does not share film recordings or photos from work locations

SB095: Does not share film recordings or photos from work locations

Sharing photos, videos or posting descriptive information about your workplace through your personal online ...

SB096: Does not carry sensitive work information or unauthorised devices to countries with high security risks

SB096: Does not carry sensitive work information or unauthorised devices to countries with high security risks

Does not carry sensitive work information or unauthorised devices to countries with high secuirty risks. Carrying ...

SB100: Takes additional measures to prevent eavesdropping when working outside the office

SB100: Takes additional measures to prevent eavesdropping when working outside the office

Ensures smart devices are turned off or not in the vicinity when discussing sensitive workplace information.

SB105: Uses a security key

SB105: Uses a security key

Security keys are USB keys or dongles that work as an advanced form of multi-factor authentication. Using them ...

SB151: Does not use weak passwords

SB151: Does not use weak passwords

Using a weak password puts an account at risk of data breaches, takeovers, and various cyberattacks. Some sites ...

SB156: Discloses credentials to a phishing site

SB156: Discloses credentials to a phishing site

Disclosing credentials to a phishing site places the individual and their organisation at risk of account ...

SB156a: Discloses credentials to a simulated phishing site

SB156a: Discloses credentials to a simulated phishing site

Disclosing credentials to a phishing site places the individual and their organisation at risk of account ...

SB159: Does not click a phishing link

SB159: Does not click a phishing link

Clicking on a phishing link could lead you to a fake website that asks for private credentials, or tricks you into ...

SB161: Reports a suspected phishing email

SB161: Reports a suspected phishing email

Reporting phishing emails notifies IT or security teams that employees are being targeted by cyber attackers. ...

SB161b: Reports a simulated phishing email

SB161b: Reports a simulated phishing email

Reporting phishing emails notifies IT or security teams that employees are being targeted by cyber attackers. ...

SB163: Does not open a phishing email

SB163: Does not open a phishing email

Some phishing emails include macros that autorun on opening. Even though these cases are rare, if possible it is ...

SB163a: Does not open a simulated phishing email

SB163a: Does not open a simulated phishing email

Opening a simulated phishing email informs the IT or security team that employees might be at risk of taking ...

SB164: Does not open an attachment in a phishing email

SB164: Does not open an attachment in a phishing email

Opening attachments on phishing emails could lead to malware infections and cyberattacks.

SB164a: Does not open an attachment in a simulated phishing email

SB164a: Does not open an attachment in a simulated phishing email

Opening an attachement in a simulated phishing email informs the IT or security team that employees might be at ...

SB177: Does not lose device through theft or negligence

SB177: Does not lose device through theft or negligence

Losing devices containing sensitive information through theft or negligence increases the likelihood of cyber ...

SB177a: Does not lose mobile device through theft or negligence

SB177a: Does not lose mobile device through theft or negligence

Losing a mobile phone or tablet containing sensitive information through theft or negligence increases the ...

SB177b: Does not lose laptop/desktop through theft or negligence

SB177b: Does not lose laptop/desktop through theft or negligence

Losing laptops/desktops containing sensitive information through theft or negligence increases the likelihood of ...

SB182: Does not send sensitive information out of the business (email or otherwise)

SB182: Does not send sensitive information out of the business (email or otherwise)

Sending sensitive information out of business increases the risk that it might fall into the hands of people not ...

SB183: Does not send emails to unintended recipient(s)

SB183: Does not send emails to unintended recipient(s)

Sending emails to the incorrect recipient increases the chance of sensitive company or personal information being ...

SB184: Does not share a file containing confidential information

SB184: Does not share a file containing confidential information

Sharing files containing confidential information might increase the risk that unauthorised individuals see or ...

SB185: Does not post confidential information in a public messaging channel

SB185: Does not post confidential information in a public messaging channel

Posting confidential information in a public messaging channel can be viewed by anyone and could be leaked ...

SB186: Does not post PII in a public channel

SB186: Does not post PII in a public channel

Posting Personally identifiable information (PII) in a public channel allows anyone to view the information and ...

SB187: Does not share a file containing PII

SB187: Does not share a file containing PII

Sharing files containing Personally identifiable information (PII) could expose PII to someone other than the ...

SB188: Does not share sensitive information with unauthorised recipients

SB188: Does not share sensitive information with unauthorised recipients

Sharing sensitive information with unauthorised recipients is harmful for the company and places the integrity of ...

SB189: Does not use unapproved applications on work devices

SB189: Does not use unapproved applications on work devices

Using unapproved applications on devices may be harmful. They could cause your device to run slower, introduce ...

SB198: Does not use unapproved device for work purposes

SB198: Does not use unapproved device for work purposes

Using unapproved devices for work purposes increases security risks. This could be for a variety of reasons ...

SB198a: Does not use unapproved mobile device for work purposes

SB198a: Does not use unapproved mobile device for work purposes

Using unapproved mobile devices for work purposes increases security risks. This could be for a variety of reasons ...

SB202: Stores documents appropriately for their level of sensitivity

SB202: Stores documents appropriately for their level of sensitivity

Documents should be stored in a manner that is appropriate for their level of sensitivity. Organisations are ...

SB203: Uses biometrics to access online account

SB203: Uses biometrics to access online account

People can access devices and accounts with biometric information (e.g. a fingerprint or facial scan). The unique ...

SB204: Uses biometrics to access mobile device

SB204: Uses biometrics to access mobile device

People can access devices and accounts with biometric information (e.g. a fingerprint or facial scan). The unique ...

Case study

Opshare Talent Solutions

In 2018, three former employees of Opshore Talent Solutions, an Indian recruitment consultancy, were arrested for data theft.

While employed by the consultancy, the trio stole information from their employer’s client database. The employees then resigned and set up their own recruitment consultancy.

Opshore Talent Solutions became suspicious after losing clients to the former employees. They reported their suspicions, and an investigation led to the arrest of the three men. All pleaded guilty to the accusations.

Opshore did not monitor data transfers within their organisation, nor did they check whether resigned or former employees still had access to the company records. The company also allowed employees to use personal computers in the workplace, which gave employees access to confidential information via personal devices.

UnityPoint Health

In 2018, UnityPoint Health suffered the biggest US health data breach of the year following two phishing attacks.

Criminals posed as a trusted executive and emailed employees to trick them into providing login information. Later investigations showed the fraudsters were trying to divert payroll and vendor payments to their own accounts.

The scam compromised the details of 1.4 million UnityPoint patients. The data included names, addresses, medical data, treatment information, lab results, insurance information, payment details and Social Security numbers.

Victims sued UnityPoint. They agreed to a $2.8 million settlement payment.

Learning from such a costly mistake, representatives from the health system stressed the importance of preventative measures. These include resetting the passwords of compromised accounts, implementing cyber security awareness training for employees, and enabling multi-factor authentication.

Nintendo

In 2020, criminals gained access to 300,000 Nintendo Switch accounts after stealing people’s login IDs and passwords. The accounts stored personal information like birthdays and email addresses.

After hacking the Switch accounts, the fraudsters also gained access to victims’ Nintendo Network IDs. They then used stored payment information to make fraudulent purchases via Nintendo’s official online store.

At first, the attack affected 160,000 Switch users. The figure rose to 300,000 as time went on.

Nintendo refunded fraudulent purchases and disabled logins as part of the recovery operation. They advised victims to reset their passwords and to avoid storing personal and sensitive information in online accounts.

SebDB is brought to you byCybSafe| © 2023 CybSafe Ltd