3 ways users are leaking sensitive data now

Users are your best security asset, but sometimes their actions can make them your worst nightmare. Here are three recent cases that highlight the importance of an attentive and security-conscious user base. 

1. Sending private information

Not all data breaches are the result of phishing or advanced persistent threats. Carelessness can be just as devastating.

News accounts have recently uncovered an incident where an Australian employee sent passport information and visas for world leaders who attended the G20 Summit in Brisbane, Australia.

The error happened because the employee:

“failed to check that the autofill function in Microsoft Outlook had entered the correct person’s details into the email ‘To’ field. This led to the email being sent to the wrong person.”

Email nightmares are nothing new. Most everyone has been on the sending or receiving end of one of them.

The best piece of advice: Remind users that they should always take a few seconds to think carefully about the contents of an email before hitting send.

Barring that, make sure sensitive information that must be sent out over email is password-protected or encrypted first.

2. Not reading carefully

Premera and Anthem, two major healthcare organizations, were both breached in very similar ways, according to reports. One of them is basic in concept, but ingenious in execution.

In order to fool users who weren’t paying close enough attention, attackers allegedly:

  • sent emails from we11point.com (which resembles Anthem’s former wellpoint.com site) and prennera.com (which resembles the premera.com domain), and
  • set up fake websites that resembled the real ones to capture credentials.

This kind of attack wouldn’t slip by most users. But all it takes is one busy user who isn’t paying close enough attention to give the hackers everything they need.

3. Selling data to the highest bidder

Not all breaches are good users gone bad. According to recent reports, users value security so little they would sell their own passwords or work passwords for a profit – even if it’s as low as $150.

And it’s not always passwords that are up for sale. Sometimes users will do the heavy lifting for hackers, selling entire databases full of information on the black market.

Just know that monitoring users carefully is a must, no matter how much you trust them individually.

Ninety-nine percent plus are decent people: But those few who have privileged information and are willing to profit from it by illegal methods pose a huge threat.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy