Organizations should also consider increasing the use of drop-down menus for gathering information. Instead of typing in information with trackable keystrokes, users select characters or words from a drop-down menu with the mouse, which a keylogger cannot record. In addition to these more general security tools, a number of applications recently on the market can automatically identify hardware keyloggers. These software solutions disable the devices by intercepting and blocking communications between them and the targeted computer. The software also alerts the IT department to the presence of keyloggers.
The secure organization
Keyloggers are such a potent source of danger because they exploit the gap created by not one but two notoriously weak areas of IT security. The first is our ongoing reliance on passwords. Sophisticated intrusion prevention or segmented access authorization do add extra layers of protection to corporate networks, but they still cannot distinguish between a legitimate user with the right password and a malicious one.
The second is old-fashioned physical security, often forgotten when devising strategies to protect virtual assets. Since hardware keyloggers require physical access to the targeted machine, the criminal must be in the presence of that computer, even if it's only for a matter of seconds. If they are to protect themselves against keyloggers, organizations have to give the broadest possible definition to IT security. That means policies to help employees recognize social engineering attacks, and even conducting thorough background checks on auxiliary staff who have access to the building.
After all, if you think your data is worth protecting, then someone else will think it is worth stealing.