The identity theft ring uncovered by a Sunbelt Software Inc. researcher calls attention to the treasure trove of data that can linger on even run-of-the-mill enterprise PCs—data that can be mined if those computers are ever compromised.
To protect your corporate data from being leaked, experts recommend the following steps.
First, always apply the latest software and operating system patches to close any known security holes. Attackers exploit security holes to silently install software on vulnerable systems.
Second, use group policy to disable default browser settings such as AutoComplete on Microsoft Corp.s Internet Explorer, which retains Web addresses and sensitive information such as user names and passwords used to log in to secure Web sites.
Third, clear any stored forms and passwords from the computers cache using the AutoComplete settings feature in Internet Explorer.
Fourth, it is recommended that you deploy a desktop firewall that can monitor outbound communications. Sygate Technologies Inc., of Fremont, Calif., offers a free desktop firewall that can do this.
Finally, survey any applications on your network that communicate over Port 80 (such as Internet Explorer), then lock down that port to traffic from unauthorized applications.