Security Behaviour Database
/

Data Theft

Data theft is the intentional stealing of data.


Behaviours

Enabling fingerprint or facial login for devices and/or accounts

Enabling fingerprint or facial login for devices and/or accounts

People can access devices and accounts with biometric information (such as a fingerprint or facial scan). The ...

Reporting security incidents

Reporting security incidents

Reporting known or suspected security incidents helps protect the workplace. If the incident is reported early, IT ...

Blocking pop-ups

Blocking pop-ups

Most web browsers come with a range of security options. One option is to automatically block pop-ups. Enabling ...

Enabling firewalls

Enabling firewalls

A firewall is a set of virtual rules that help prevent malicious applications from communicating with a device. ...

Enabling auto-updates

Enabling auto-updates

Software updates reduce exposure to known security vulnerabilities. Most devices can be set to auto-update when ...

Enabling Google Play Protect

Enabling Google Play Protect

Google Play Protect should be enabled on all Android devices. With Google Play Protect enabled, apps downloaded ...

Restricting administrator privileges

Restricting administrator privileges

User accounts have fewer privileges than administrator accounts. User accounts deny malware escalated permissions. ...

Running antivirus if a new icon or desktop pop-up appears

Running antivirus if a new icon or desktop pop-up appears

Unexpected icons or pop-ups on a computer’s desktop can indicate malware. Running an antivirus scan can help ...

Doesn't plug unknown devices into work devices

Doesn't plug unknown devices into work devices

Malicious USB (or other plug-in) devices can be used in cyber attacks. They can be used to upload malware, steal ...

Changing default passwords

Changing default passwords

Internet-connected or “smart” devices are often protected with default passwords. Many of these passwords ...

Using a screen lock

Using a screen lock

Mobile devices can be protected with screenlocks (like pins, patterns and passwords). This can help prevent ...

Locking devices

Locking devices

Locking devices when not in use prevents unauthorised access. This is especially important in common areas, such ...

Shutting down devices when not in use

Shutting down devices when not in use

Shutting down a device when not in use ensures a second password is required to access it.

Turning off Bluetooth

Turning off Bluetooth

Bluetooth can be used to access devices. Turning Bluetooth off when not in use conserves battery and improves ...

Using a VPN

Using a VPN

A VPN encrypts the data sent to and from devices over the internet, preventing it being read in transit. They ...

Tethering a laptop

Tethering a laptop

Tethering to a mobile device is more secure than using public Wi-Fi without a VPN. 3G and 4G connections are both ...

Disabling "automatically connect to Wi-Fi" on mobile devices

Disabling "automatically connect to Wi-Fi" on mobile devices

Allowing devices to automatically connect to public Wi-Fi increases the chance of data being intercepted.

Enabling encryption

Enabling encryption

Encrypting a device prevents the data on the device from being accessed should the device be lost or stolen. Some ...

Securely removes data from a devices before decommissioning

Securely removes data from a devices before decommissioning

Data should be securely removed from devices before they are decommissioned. This prevents data being recovered ...

Using a webcam cover

Using a webcam cover

Devices that have been compromised can have their webcams accessed. To limit further breaches to privacy and data, ...

Checking unknown people's details or security passes

Checking unknown people's details or security passes

Individuals should check the security credentials of unknown people they come into contact with in the workplace. ...

Preventing tailgating at security checkpoints

Preventing tailgating at security checkpoints

When passing through security checkpoints, people should check they are not being followed by others who do not ...

Does not share work passes

Does not share work passes

Sharing security passes even with "trusted" contacts creates risk. People should only ever use security passes ...

Escorting visitors and ensuring they follow security policies

Escorting visitors and ensuring they follow security policies

Visitors should be escorted according to organisational policies. This reduces the risk of unauthorised access to ...

Reporting lost or stolen devices

Reporting lost or stolen devices

Lost or stolen devices should be reported immediately. This allows the device to be locked or remotely wiped to ...

Using private browsing windows

Using private browsing windows

If workplace devices are shared between colleagues, private browsing should be enabled by default. This means ...

Verifying callers

Verifying callers

Criminals sometimes use phone calls to try and elicit sensitive information from people. In instances where ...

Doesn't click links in unexpected texts

Doesn't click links in unexpected texts

Criminals will often use instant messaging as an attack vector. Unexpected messages should always be checked for ...

Verifying messages

Verifying messages

Contact details can be spoofed. Receiving a message that breaks any norms should be met with suspicion. Using ...

Checking emails before forwarding them

Checking emails before forwarding them

Messages from workplace contacts are more likely to be trusted than messages from other sources. Forwarding ...

Reporting suspicious messages

Reporting suspicious messages

Suspicious messages received via email, text or phone should be reported to a single point of contact. This allows ...

Checking emails for signs of deception

Checking emails for signs of deception

Criminals will often use emails as an attack vector. Unexpected emails should always be checked for malicious ...

Case study

Opshare Talent Solutions

In 2018, three former employees of Opshore Talent Solutions, an Indian recruitment consultancy, were arrested for data theft.

While employed by the consultancy, the trio stole information from their employer’s client database. The employees then resigned and set up their own recruitment consultancy.

Opshore Talent Solutions became suspicious after losing clients to the former employees. They reported their suspicions, and an investigation led to the arrest of the three men. All pleaded guilty to the accusations.

Opshore did not monitor data transfers within their organisation, nor did they check whether resigned or former employees still had access to the company records. The company also allowed employees to use personal computers in the workplace, which gave employees access to confidential information via personal devices.

UnityPoint Health

In 2018, UnityPoint Health suffered the biggest US health data breach of the year following two phishing attacks.

Criminals posed as a trusted executive and emailed employees to trick them into providing login information. Later investigations showed the fraudsters were trying to divert payroll and vendor payments to their own accounts.

The scam compromised the details of 1.4 million UnityPoint patients. The data included names, addresses, medical data, treatment information, lab results, insurance information, payment details and Social Security numbers.

Victims sued UnityPoint. They agreed to a $2.8 million settlement payment.

Learning from such a costly mistake, representatives from the health system stressed the importance of preventative measures. These include resetting the passwords of compromised accounts, implementing cyber security awareness training for employees, and enabling multi-factor authentication.

Nitendo

In 2020, criminals gained access to 300,000 Nintendo Switch accounts after stealing people’s login IDs and passwords. The accounts stored personal information like birthdays and email addresses.

After hacking the Switch accounts, the fraudsters also gained access to victims’ Nintendo Network IDs. They then used stored payment information to make fraudulent purchases via Nintendo’s official online store.

At first, the attack affected 160,000 Switch users. The figure rose to 300,000 as time went on.

Nintendo refunded fraudulent purchases and disabled logins as part of the recovery operation. They advised victims to reset their passwords and to avoid storing personal and sensitive information in online accounts.

SebDB is brought to you byCybSafe| © 2020 CybSafe Ltd