A Recent Data Theft Shows Us What to Watch Out For - HUB TechMinutes

HUB TechMinutes

Business technology news, tips and events.

HUB TechMinutes

Better business through better information.
4 minutes reading time (711 words)

A Recent Data Theft Shows Us What to Watch Out For

A Recent Data Theft Shows Us What to Watch Out For

Trend Micro, the developer of the popular antivirus program, has attracted some unwanted attention after a former employee managed to steal customer data and sell it to scammers. These scammers then use this data to call Trend Micro customers. If you use Trend Micro’s antivirus solutions, you’re going to want to pay close attention to any calls you get.

What Happened?

We aren’t shy about informing our clients about the potential dangers of allowing access to more than an employee needs to do their job. This is a practical example of why we say that.

The (now former) Trend Micro employee was able to access more data than they needed to have. Trend Micro provided a pretty succinct explanation of the situation, saying that the employee was able to “gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers. There are no indications that any other information such as financial or credit payment information was involved…”

The perpetrator's name has not yet been made public, but whoever they were, they were able to bypass Trend Micro’s internal protections.

Consider what it would take for a phone scam to really be convincing: really, if you were called by someone from “Trend Micro” who knew who you were and that you were a user of their product, you wouldn’t have much reason to doubt them, would you? The data that was up for grabs at Trend Micro contained much more information than that, making it potentially even more valuable to a cybercriminal or scam artist.

You Need to Watch Out for Unsolicited Tech Support Calls

As you might imagine, this scam has been around for about as long as there have been personal computers and is in no way exclusive to Trend Micro customers. Tech support scams have been used to target users for years, often profiling users by their age to find victims more likely to fall for the ruse. Combining this profiling with scare tactics and put-on urgency, the scammer is able to shock their target into handing over their credit card information or allowing the scammer to access their PC remotely.

It isn’t uncommon for these scammers to identify themselves as a member of some “Microsoft Windows support team” or another support company. If the targeted business is big enough, a scammer may just claim to be from the IT department.

This is why you have to be sure that all of your employees know how to have their technology support questions addressed through the right channels.

You Also Need to Keep Your Employees from Accessing More than They Need

Take a critical look at the permissions you afford your employees as far as your network is concerned. How accessible are the folders you store your sensitive information in, like a client’s personal data or financial information?

Best practices dictate that an employee only be given access to what they need to do their job, while common sense dictates that you can’t make an employee’s job too difficult for them, either. Striking a balance between the two can be tricky but working with your IT provider to establish permissions makes it far easier.

If you want to avoid potentially running into a similar situation as Trend Micro did, enforcing security policies is a step you need to take. Doing so should include access control to certain files and areas of your network, requiring MFA/2FA (multifactor/two-factor authentication), and quite a bit of planning to put it all together. However, if it keeps your data safe from threats (inside and out), it’ll be worth the damage control you get to avoid.

If you could use some assistance in securing your network and educating your employees about how scams can be identified, contact HUB Technology Solutions at This email address is being protected from spambots. You need JavaScript enabled to view it. 

Training Has to Be a Big Part of a Cybersecurity S...
Start Using Two-Factor Authentication Everywhere, ...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Guest
Monday, July 06, 2020

Captcha Image

Get Updates On Our New Blog Posts!

Book your free introductory consultation now.

Let's Talk

Happy Clients

Don't Miss Our Next Newsletter!

Subscribe to our free monthly newsletter! It's packed with valuable information, useful tips, and important security alerts.
* indicates required
Your email address is secure with us - we never share our subscriber information.

HUB Tech Minutes

03 July 2020
Over the past few years, VoIP has become an extremely popular solution for small businesses. In fact, 30 percent of today’s businesses use some sort of VoIP platform. There are many reasons why businesses are making the switch to VoIP. Today, we’ll e...
02 July 2020
As restrictions have started to ease and business returns to some semblance of normal, organizations are left picking up the pieces of a disaster that almost none of them planned for. Let’s look at some tips on how to get your business back being the...
30 June 2020
With months and months of bad news, many businesses are trying to find the right recipe to keep from having to make the hard decisions. Problem is that these hard decisions are looking as if they are going to be inevitable. With costs rising and reve...