HUB TechMinutes

Business technology news, tips and events.

HUB TechMinutes

Better business through better information.
4 minutes reading time (711 words)

A Recent Data Theft Shows Us What to Watch Out For

A Recent Data Theft Shows Us What to Watch Out For

Trend Micro, the developer of the popular antivirus program, has attracted some unwanted attention after a former employee managed to steal customer data and sell it to scammers. These scammers then use this data to call Trend Micro customers. If you use Trend Micro’s antivirus solutions, you’re going to want to pay close attention to any calls you get.

What Happened?

We aren’t shy about informing our clients about the potential dangers of allowing access to more than an employee needs to do their job. This is a practical example of why we say that.

The (now former) Trend Micro employee was able to access more data than they needed to have. Trend Micro provided a pretty succinct explanation of the situation, saying that the employee was able to “gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers. There are no indications that any other information such as financial or credit payment information was involved…”

The perpetrator's name has not yet been made public, but whoever they were, they were able to bypass Trend Micro’s internal protections.

Consider what it would take for a phone scam to really be convincing: really, if you were called by someone from “Trend Micro” who knew who you were and that you were a user of their product, you wouldn’t have much reason to doubt them, would you? The data that was up for grabs at Trend Micro contained much more information than that, making it potentially even more valuable to a cybercriminal or scam artist.

You Need to Watch Out for Unsolicited Tech Support Calls

As you might imagine, this scam has been around for about as long as there have been personal computers and is in no way exclusive to Trend Micro customers. Tech support scams have been used to target users for years, often profiling users by their age to find victims more likely to fall for the ruse. Combining this profiling with scare tactics and put-on urgency, the scammer is able to shock their target into handing over their credit card information or allowing the scammer to access their PC remotely.

It isn’t uncommon for these scammers to identify themselves as a member of some “Microsoft Windows support team” or another support company. If the targeted business is big enough, a scammer may just claim to be from the IT department.

This is why you have to be sure that all of your employees know how to have their technology support questions addressed through the right channels.

You Also Need to Keep Your Employees from Accessing More than They Need

Take a critical look at the permissions you afford your employees as far as your network is concerned. How accessible are the folders you store your sensitive information in, like a client’s personal data or financial information?

Best practices dictate that an employee only be given access to what they need to do their job, while common sense dictates that you can’t make an employee’s job too difficult for them, either. Striking a balance between the two can be tricky but working with your IT provider to establish permissions makes it far easier.

If you want to avoid potentially running into a similar situation as Trend Micro did, enforcing security policies is a step you need to take. Doing so should include access control to certain files and areas of your network, requiring MFA/2FA (multifactor/two-factor authentication), and quite a bit of planning to put it all together. However, if it keeps your data safe from threats (inside and out), it’ll be worth the damage control you get to avoid.

If you could use some assistance in securing your network and educating your employees about how scams can be identified, contact HUB Technology Solutions at This email address is being protected from spambots. You need JavaScript enabled to view it. 

Training Has to Be a Big Part of a Cybersecurity S...
Start Using Two-Factor Authentication Everywhere, ...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Guest
Wednesday, December 11, 2019

Captcha Image

Get Updates On Our New Blog Posts!

Book your free introductory consultation now.

Let's Talk

Happy Clients

Don't Miss Our Next Newsletter!

Subscribe to our free monthly newsletter! It's packed with valuable information, useful tips, and important security alerts.
* indicates required
Your email address is secure with us - we never share our subscriber information.

HUB Tech Minutes

11 December 2019
Mobile devices haven’t been known to have a lot of faults when it comes to security, but when a really bad malware attack does happen, the best solution may be to wipe the device and start over from a factory reset. Currently, there is a malware targ...
10 December 2019
While the major holiday shopping days have passed us by, many people are still looking for that perfect gift often using the Internet to find it. While online shopping is certainly more convenient, it can also be dangerous. To help keep you safe this...
05 December 2019
In days, Microsoft is pulling the plug on both Windows 7 and Windows Server 2008 R2. If your business still has to move away from this software, you need to act today. The consequences for not moving away from these titles can be absolutely dire for ...