Look Inside For Cyber and Insider Threats

In more than 20 years of speaking at events, I have noticed a recurring theme among the crowds. “Many attendees come to learn about Cybersecurity with good intentions, eager to protect their digital assets. However, an equal number are bad actors, seeking to learn how to evade digital defenses. 

Recently, we at eMazzanti discovered a “lookalike domain” eerily similar to the emazzanti.net site. The bad actor’s domain was only one letter off, hoping to attract legitimate organizations trying to reach us, with the goal of penetrating their networks and installing malware and taking other crippling action. You can read about some similar incidents and how to defend against them here. 

Fortunately, our trained professionals were alert and noticed this scheme before the imposter could cause significant damage. 

We pursued the perpetrator through the World Intellectual Property Organization (WIPO), a UN agency that protects and promotes intellectual property across borders. WIPO transferred control of the site to us, and our InfoSec team shut it down, preventing the bad actor from luring innocent traffic and spreading malware. 

But the story didn’t end there. At our request, WIPO identified the person who had registered the bogus domain. When contacted, the individual claimed, “It wasn’t me. Someone used my name to register that domain.”  

Right, and I’ve got a bridge to sell you at a great price. 

This incident highlights a critical issue: the refrain “It wasn’t me” will continue to echo across countless organizations. Will good people learn from these experiences?

Trust but verify 

Over the years, I have consulted for thousands of companies, helping them navigate the complex world of cybersecurity. Early in my career, we had a flooring company as a client. The bookkeeper, a long-term, trusted employee, wrote checks made out to the owner’s husband but cashed the checks for themselves. They then tried to hide it by altering the company’s records.” 

The bookkeeper was eventually caught. But instead of being fired or reported to the authorities, they received a stern warning, and were allowed to return to their duties. Needless to say, the employee went right back to writing and cashing checks, and the company is no longer around. 

We share these stories for two reasons: first, to emphasize the importance of staying alert and prepared for bad actors, whether they come from outside your organization or from within. To protect against outside threats, work with eMazzanti, an experienced cybersecurity provider. We can offer technical defenses and train your employees to keep your website and data safe. 

To address insider infiltration, look out for red flags. Is an employee complaining about financial difficulties? They may feel tempted to do something wrong for cash. If you see or hear about someone in that position, take extra precautions and monitor their actions. If they talk to you about their finances, listen carefully. Then, decide whether to help them with a short-term loan or if they deserve a raise. 

Implement and maintain controls across departments to monitor improper activity. And if you see an employee who appears to be living beyond their means, check your back pocket. 

You might trust your employees, and you may even love them. However, we can guarantee that a thief is nearby. This person could be reading this article or sitting in your office. They have chosen to do something wrong. Trust them, love them, but face the thief and take action.