Protecting People and Businesses from Social Engineering
When we talk about cyber-attacks, discussions are shifting from just keeping devices up to date with anti-virus software to protecting people and devices from numerous, more serious attack vectors. An important part of defending against these attack vectors is protecting the human element. Even if our security plan seems to provide an impenetrable system, there is a chance of error in the way the user handles it. Because people play a large role in day-to-day business operations, hackers can use social engineering to their advantage to penetrate devices and compromise information.
What is social engineering?
Social engineering can be defined as manipulating and deceiving people to obtain data or information that is meant to be private and secure, with the goal of penetrating the system. A hacker uses “social engineering” to target human vulnerabilities in an attempt to break through the security controls and procedures that are set up to prevent personal and/or secure data from being compromised.
What kind of information can be obtained?
Social engineers are typically looking for specific information, but depending on the motive behind the attack they can also seek out information that is easily accessible to them. Most commonly, they are seeking specific information from specific people at specific organizations.
How can you protect yourself?
- Minimize sharing any personal information or data unless necessary.
- Make sure you have verified, and trust, the recipient of the data you are sharing.
- Confirm the identity of the person you are speaking with, since they can reach out through multiple methods of communication such as phone, email, and instant messaging.
- Do not open email attachments from unknown senders.
  - This method is widely used to spread malware and give access to personal information.
- Secure your devices; spam filtering and anti-virus software can be helpful to combat malicious messages and phishing pages.
Here are some examples of social engineering attack techniques:
- Baiting: This relies on targeting the psychological aspect of the human being. An email or link refers the user to a counterfeit site through which the user's login data is compromised.
- Pretexting: The attacker obtains information through a series of lies, pretending to need sensitive information from the victim in order to perform a critical task. An attacker usually begins by impersonating co-workers, police, bank and tax officials, or other persons with the power to know the victim’s identity, and through this collects important personal data.
- Phishing: Typically sent by email, phishing aims to compromise the user’s data, including but not limited to login credentials, personally identifiable information (PII), and financial information.
You might feel confident that you cannot be fooled by social engineering, but some of the top executives in large companies have been exposed, resulting in major data breaches. Do not rely solely on basic awareness of social engineering; make sure you follow the right security practices and have the right security protocols in place to help you prevent cyber-attacks.
RB Advisory can help you prevent social engineering attacks with employee awareness training and a well-rounded cybersecurity plan. For more information, please reach out and see how you can protect yourself and your business alike.