Cyber criminals don’t just slip into your network with the help of some serious hacking skills. In fact, there’s a much simpler way to do that… through your employees.
Social engineering is a tactic hackers are using more and more frequently to infiltrate systems. It involves a variety of approaches that focus on manipulating employees to drop standard security protocols. And if you expect to protect your data these days, then you’ll have to take the necessary steps to educate and train your employees on how to detect and avoid these approaches. Here are a few of them to look out for.
Most business professionals are familiar with the concept of phishing, but not everyone is able to successfully sidestep an attack. Phishing attacks usually come at you via email and attempt to gather information about you or your business illegitimately. This information could be personal, financial, or client specific. For example, Mattel fell victim to a phishing attack a few years ago when a Mattel executive sent $3 million to a group of hackers under false pretenses. But these attacks don’t have to be as extravagant. It could be an email asking you to update your login credentials, click on a link, or download an attachment.
Whether it’s on a website, through an email, or in person, a criminal practicing social engineering might offer you something in return for information. A free download. A neat pen. Some money. Whatever it is, it usually doesn’t come at a fair price. That free download will turn into ransomware, and that neat pen will result in a hijacked password and hacked database.
Some criminals will resort to lightweight espionage to get what they want, and they rely on the human element to help them do this. And this isn’t as difficult as it seems, either. If the building is locked by keycards, a criminal can just wait until a polite office worker decides to hold the door open for the person behind them. If computers are visible from the waiting room, a criminal can just glance over the counter to gather sensitive information. Everyday interactions and simple observations can tell the common hacker more than you might think.
St George ProTechnology offers phishing and other social engineering awareness training.
Contact us for details.