The Anti-Social Advantage
Protecting Your Business from Social Engineering and Cyber-Attacks
In today’s age of business and technology, it’s hardly uncommon to hear about another company having its customer information compromised. Cyber security is a risk for any size organization. However, don’t go looking
What's social engineering?
Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. Many of these attacks rely on people’s willingness to be helpful.
Types of attacks to be mindful of include:
- PHISHING: The most common social engineering attacks come from phishing or spear phishing and can vary with current events, disasters or tax season. Since about 91% of data breaches come from phishing, this has become one of the most exploited forms of social engineering. Phishing is the practice of sending emails appearing to be from reputable sources (sometimes your CEO or CFO) with the goal of influencing or gaining personal information.
- BAITING: Beware of all those free USB drives that get handed out at conferences. These are a common source of infection and malware. You can see how easily a USB drive may get transferred from one device to another.
- PRETEXTING: In this scenario, one party lies to another to get privileged information. This could come in the form of an attacker pretending to be a bank, the IRS, credit card provider, etc. and asking you to validate personal or financial information to confirm your identity.
- SCAREWARE: Also known as ransomware. Oftentimes this occurs when someone has clicked on a bogus link or downloaded some software that was infected. The malware launches and advises that something is wrong with your computer, and that they can fix the problem. The phone number typically routes to a hacker call center where they will take your credit card number to fix the fake problem on your PC.
How can I combat social engineering attacks?
The power to stop social engineering relies heavily on individuals. Following these three guidelines could help to better position your organization to prevent this type of attack:
- Security Awareness Training
Keep training frequent, simple, practical and interactive. Policies and procedures don’t protect your business from attack. Actively engaging with your employees and educating them on what to look out for is a huge deterrent. Make this a part of your new hire orientation and review frequently with the whole company.
- Defensive Actions
employees guidelines for handling information and what actions they should take if they've become a victim of an attack. Continue to drive a security-focused culture in your organization.
- Realistic Penetration Testing
Partner with proven professionals to uncover true risks and vulnerabilities in your organization. These firms can provide a host of real-world social engineering and other attacks to test the effectiveness of your employee training.
Hopefully, these tips will help you and your employees stay vigilant against this ever-growing threat. Remember that awareness,