The intricate details revolving around the security of personal and corporate accounts are often times not fully realized or understood and the measures to harden the security of a corporation are not done proactively but rather reactively. Account security can be compromised by something as simple as logging into an account from a public WAP (Wireless Access Point).
- Threat-Public WAP: For those that access their private or corporate accounts via public WAP are running a very high risk of compromising their PII through an “evil twin” attack. An example of how quickly and easily one of these attacks can be mounted from a savvy data thief lying in wait at your local Starbucks, together: a device called WiFi Pineapple and a program called Karma can automate the creation of an “evil twin” access points and start collecting (your) data.
- Threat-B.Y.O.D (Bring Your Own Device): Another [Insider] threat to any business is an employee’s smartphone being plugged into an office computer via USB. This can essentially initiate a cellular broadcast of the computers data.
A proactive approach to hardening corporate security will not eliminate ALL threats and anomalies, it will however greatly reduce incidents, problems, events, etc.