Things To Know About Social Engineering

Category: Cybersecurity
Type: Blog
Author: Jason McDaniel

When speaking of online threats, business owners are quick to mention viruses, Trojans, ransomware, botnets, and hackers. But they often forget the one crucial thing that allows malware to intrude on a system -- the human element.
 
Traditionally, few organizations have thought much about this flaw in their security strategies. Instead, they install the biggest and baddest anti-virus software, or invest in the most expensive firewall. In most cases, these are not enough. 
 
Malware and hackers on their own can’t do much damage. But unsuspecting employees become unknowing insiders who, with the right kind of manipulation, can be led to reveal your company's sensitive information.
 
This is called social engineering, and it's one of the most devastating means of malware intrusion and hacker attacks. So, it’s critical that you know the different types and how you can protect yourself.
 
Phishing
If you’ve ever received an email from Nigerian royalty asking you to send money to their bank account so they could unfreeze their accounts and pay you back tenfold, then you have been the recipient of a phishing email.
 
Do you think you or your employees would be smart enough to recognize a phishing email on their own? Let’s take a look at this example of Facebook and Google. Considering their sophisticated technology, you probably would have thought they'd be impenetrable. 
 
Email and spam protection software can do only so much -- it is not 100% foolproof. That’s why it's so important that you train your staff to identify suspicious emails and put a policy in place against downloading Zip file attachments. You should also require employees to exchange personal information face-to-face or via phone only, or ban the use of hyperlinks in email communication.
 
Baiting
This form of social engineering involves the use of CDs and USBs that are left in or around a company’s premises or sent to an employee via snail mail. The attacker takes advantage of the recipient's curiosity and hopes that they’ll be intrigued enough to run the disk or drive they've received on their work computer. Once they do, the malware makes its way into the company’s network. 
 
This happens more often than you may think, so it's critical that your anti-virus software includes an option to scan external devices. Packages that were picked up from the parking lot, left at reception, or came from an unknown sender belong in the lost and found, not plugged into your employees’ computers. If no one claims them, they were probably intended to wreak havoc on your business.
 
Scareware 
Fear can leave even the most rational person unable to think clearly and prone to acting hastily. Scareware, as the name implies, informs users that they have a computer virus and that they need to download software to remove it. This supposed anti-virus software actually contains the virus. And due to a few moments of fear, one of your employees downloads the file, unknowingly infecting your entire IT infrastructure.
 
Scareware usually appears as a pop-up notification on parts of the internet where celebrity paparazzi photos, free movie streaming, cat videos, and other time-wasting content dwell. One way to avoid these pop-ups is to install internet monitoring software to block access to non-work-related websites. You also need to give employees clear instructions not to install any software from the internet, and to have an action plan in place for when virus infections occur.
 
Don’t have an in-house IT department, or need help resolving social engineering issues? Are you looking for security experts to train your staff? Our certified technicians take security very seriously, so if you feel like your IT systems have been breached or you simply want to put security guidelines in place, call us today to keep damage at a minimum and prevent intrusions in the future.
 
 

August 26, 2019