It's fast becoming a trend to flash your business card in appreciation of the company you are quitting or flashing the new identity card and the welcome kit at your new workstation. In all this excitement, you don't even realize that you are making yourself and your organization (former or present) vulnerable to cyber crime.
Impersonation
The information on the identity card and business card is verified information, which allows cyber criminals to clone them and gain illegitimate access into the business network. Apart from the name and department of the employee, many identity cards include the employee number, blood group, and even phone number of a person who can be contacted in emergency. All of this information is a treasure for cyber criminals who can stitch together pieces of information for impersonation and other criminal purposes.
Email attacks
The email address, company phone with extension numbers, and often even fax numbers on the business cards provide cyber criminals with enough data to plan a break-in. Since they can learn the email format used in the company, they can create bogus email IDs to fool the employees. They can resort to business email compromise (BEC) to impersonate emails from the C-suite executives. They can even send emails to the HR requesting information about the company's internship programs. Usually HR is prompt in providing such answers complete with details of the people who can be contacted—with their full names, email addresses and phone numbers (extensions).
Social engineering
Cyber criminals are aware that employees are now wary of sharing their login credentials or passwords on emails. As a result, they now pretend to be calling from the IT department and ask the employee to update the login information on a specified portal. The common pretext used is that the update is critical on account of an organization-wide upgrade. Once the employee logs into that portal, cyber criminals not only steal the login details but can also learn about the IP address and the browser being used!
Compromise business networks
All of these bits of information, collated in a matter of time, can be stitched together to help create a powerful phishing campaign. Sophisticated criminals can leverage technology to compromise the web-facing applications and break into the organization's business network causing financial losses as well as disrupting business activity.
A crisis in the making
While your social media network may wish you well when you feel nostalgic about the company you are quitting or are excited about your new innings, there are prying eyes ready to steal this information and use it against you and your company. The seemingly innocent act on social media can open up an avenue for cyber attack, which can snowball into a huge crisis.
Resist the temptation to post
Since you are reading this and are aware of the impact it can have, you will resist the temptation to post details of your ID/business card on social media. If you see someone doing it, do educate her/him of the serious consequences it can have.
In the next post, we will look at other ways employees accidentally leak information that can be dangerous to their organizations.
The article has been written by Neetu Katyal, Content and Marketing Consultant
She can be reached on LinkedIn.