Social engineering is the art of “human hacking,” which means manipulating people to give up confidential information. Let’s face it… humans are gullible. We like to be liked, to help, and we do not like to be yelled at. But one of our most dangerous attributes when it comes to becoming a victim… is that we naturally trust each other.
Criminals use social engineering tactics because it is easier to exploit our natural instinct to trust than it is to discover ways to hack your software. These devious people are often behind phishing emails, fake-text calling and emergency questions. All are designed to appear normal and request you to take action; clicking a link, answering a question or giving access to company and client information.
Today’s technology has helped fuel sophisticated attacks by utilizing a cloak of ‘invisibility’, the internet. The goal is to get people to give out passwords, bank information, or even better, to hand over access to a computer so they can install malicious software, giving them access to the same information, and control over the computer.
By now, you may be thinking, “isn’t that what my anti-virus is for?” Anti-virus does help, but security is all about knowing who and what to trust.
The weakest link in the security chain is the human who accepts a person or scenario at face value. It doesn’t matter how many locks and deadbolts are on your doors and windows if you trust the person at the gate who says they’re a delivery person, and you let them in without first checking to see if they are legitimate.
New employees are the most susceptible to social engineering, followed by contractors, executive assistants and human resources.
Most small business owners believe digital theft won't happen to them. They're wrong.
Of the last 20 major attacks on corporations, 12 involved social engineering, that’s over 70 percent. These attacks are on the rise because it’s the easiest way into companies and it merits a lot of profit. New research finds social engineering is now a common attack strategy and hackers are hitting organizations frequently. Attacks are widespread, frequent and costs organizations thousands of dollars annually. Social engineering attacks cost victims an average of $25,000 - $100,000 per security incident.
Even worse, almost a third of organizations say they don’t have any sort of social engineering prevention policy on place.
Successful social engineering has an overwhelming negative affect on a business. With the loss of confidential information about clients, their finances, businesses, private lives, etc. your company’s reputation and goodwill are in jeopardy. The loss of trust will ultimately erode an organization’s base in the long run. Then there’s the legal liability costs.
- Understand the risks of file sharing. If you don't enable the proper settings for your computer, you could allow access not just to the files you intend to share, but also to your hard drive.
- Check the strength of your security, both online and offline. It doesn’t matter is you are a 3 or 3,000 person company, review your information release and social media policies. Train your team to be wary of people trying to scam them and how to treat personal data. Set standards and policies for what an employee can do or not do on corporate email and online.
- Check with your vendors and contractors about how they protect your data.
- Keep your client information and company data more secure by doing considering the following: Consider using encryption
- Have a quality updated Firewall
- Have an Anti-Virus that updates, they become dated quickly
- Don’t store more personal data about employees or customers than you need.
- Stay current with your updates: Be on at least Microsoft Windows 8.1, but you should be on the latest version of Windows 10. The older your operating system, the more time hackers have had to find ways to get through your defenses.
- Consider partnering with a Managed Service Provider who will continuously monitor your network and act quickly in the event of a breach.
The biggest obstacle of stopping a social engineering attack is awareness, it can and will happen to you. Start putting policies in place now to protect your business, because it’s not really a matter of “if” it’s a matter of “when.”