Protecting Your Business from Social Engineering

Aug 28, 2018

Social Engineering

Dictionary.com defines social engineering in the context of information security as “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. “ And, in order to protect against social engineering, your business first must understand the many types of attacks. Below are the most common.

Baiting

When a cybercriminal entices the victim into taking some type of bait, either tangible (a malware-loaded USB stick) or intangible (pop-ups that lead to malicious websites), it is known as baiting.

Phishing, Spear Phishing & Vishing

Phishing involves email containing links to harmful or malicious websites often containing viruses. Hackers pose as a trusted business and send emails asking for private, sensitive information. The email recipient replies or clicks through to a fake website and enters account or billing information, for example, and now his or her credit card details are in the wrong hands.

Spear phishing is going after one key person, such as the HR manager, who can release employee records. The email appears to come from a company director, for example, and asks for W-2 records on all employees, which contain names, mailing addresses and social security numbers. Read more on data breaches and cybercrime in last week’s blog.

Vishing is the same as phishing except it’s done via phone (voice) instead of email.

Email Hacking & Contact Spamming

You know you’ve been hacked when cybercriminals hack directly into your email account and send messages to your contacts directly. There are usually pretty obvious clues to alert you to the fact that this isn’t really coming from your trusted contact, such as typos and broken English, but it’s not always obvious.

Pretexting

Pretexting is the use of interesting or enticing pretext (e.g. an email naming you the beneficiary of a will) to gain your interest and lure users in before tricking potential victims into providing something of value.

Quid Pro Quo

Translated from Latin to mean “something for something,” hackers play on victims’ psychology while asking for something but offering something in return. Common instances are emails stating that your computer’s been hacked, so the perpetrator poses as IT support and asks for your password so they can remote in and help you fix it.

What can your company do to counterattack?

There are two key components to a counterattack on social engineering: employee awareness and your IT department keeping things such as antivirus software current.

MANAGEMENT: Train All Personnel

Host regular seminars and drills just as you would for fire education and safety. Why? People are the weak link in this type of security scenario because they tend to act first and think later. Unlike a faulty door lock allowing a burglar access to your home, this form of attack relies solely upon the person receiving the email to take action. If the in-house resources aren’t available, hiring a third party to test and train staff will ultimately ensure that all employees are armed with the appropriate defense against the many forms of social engineering.

EMPLOYEES: Good Rules of Thumb

Slowing down is the first rule and using common sense is rule number two. After all, how likely is it that a Nigerian prince wants to send you money after first collecting your money? Change passwords often and use two-factor authentication. Never open attachments or click links in emails from untrusted sources. Look for the sender’s domain to match the company website (for example, customerservice@usps.com is legitimate while cstmrssvice@usps1234.com is not) and note that it’s safer to type the URL directly into your web browser than it is to click on a link. Paying attention to these types of details can go a long way, as can listening to your gut! We usually know when something is “off” and this is the perfect time to tune into that sense.

IT DEPARTMENT: Install Antivirus Software

Antivirus software is an ally that works around the clock. Software such as Norton or Malwarebytes will automatically scan, quarantine and create reports, notifying users if there is a problem. Protect against viruses, worm, adware, spyware, Trojans, malware and ransomware in real time. Ensuring your operating system and email spam settings are both up to date can also go a long way.

Knowledge is power and hackers only have the power if we give it to them. Instead, keeping your staff well-informed of the dangers of social engineering and ensuring your IT department stays up-to-date on antivirus software will help counterattack the threats that every business is likely to encounter.





Loading Conversation
Back to Blogs

Category List


Tag List

Home Safety During Winter (1)
Business Security Trends (1)
Fire Inspections (1)
Real Estate Safety Tips (1)
Per Mar Security (1)
Vice President/Controller and Lori Ryden (1)
Per Mar Careers (1)
Energy Saving Tips Business (1)
Poison Prevention (1)
Cyber Monday Shopping (1)
Door Security (1)
Cyber Crime (1)
Investigative Services (1)
Monitored Smoke Alarms (1)
Customer Sevice Tips (1)
Holiday Shopping (1)
Daylight Saving Time (1)
Small Businesses (1)
Safety Tips for Moving (1)
Food Safety Tips (1)
Security Cameras (4)
Boat Safety (1)
Baby Safety Month (1)
Careers (1)
Burglary Prevention (3)
Campus Fire Safety (1)
Fireworks Safety (1)
Energy Saving Tips Home (1)
Business Security Systems (1)
Background Checks (2)
Power Outages (1)
Black Friday Shopping Safety Tips (1)
Video Surveillance (1)
Event Security (1)
Business Fire Safety Tips (1)
Robbery Prevention (1)
Home Automation (1)
Winter Home Fires (1)
Traveling for the Holidays (1)
Protecting Your Business (1)
Home Safety (3)
Property Managers (1)
Pet Safety Tips (2)
Summer Vacation Tips (1)
Fire Escape Plan (2)
Marketing Intern (1)
Social Engineering (1)
Environmental Monitoring (4)
Home Security Trends (1)
Kids Safety Tips (1)
access control (2)
Monitoring Center (1)
Summer Intern (1)
Spring Cleaning Tips (1)
Event Services (2)
DIY Security System (1)
Security Officer Services (1)
Door-to-Door Scam (1)
Neighborhood Watch (1)
Pet Owners (2)
4th of July (1)
Video Doorbell (1)
Shopping Online (1)
Part Time Employment (1)
Prevent Burglars (1)
Driving Safe (1)
Senior Care (1)
Child Safety (1)
Prevent Retail Theft (1)
Business Safety (1)
Realtor Safety Month (1)
College Campus Safety (2)
IA (1)
Emergency Contact List (2)
Carbon Monoxide Detectors (1)
Doorbell Camera (1)
Restaurant Safety Tips (1)
Total Connect (2)
Mobile Patrol (1)
Flu Prevention (1)
Home Safety Tips (1)
Vacation Security (1)
Window Security (1)
LifeCall Medical Alert (1)
Fire Alarms (1)
Children Safety Tips (1)
Saving Energy (1)
Earth Day (3)
Video Surveillance System (1)
Travel Safety (2)
School Safety Tips (1)
Marina Safety (1)
Video Verification (1)
burglar and fire alarms (1)
New Year's Safety (1)
Fire Safety (7)
Remote Access (2)
After School Safety Tips (1)
Home Security (4)
Travel Safety Tips (1)
Home Security for Seniors (1)
Bath Safety (1)
Halloween Safety (1)
Socia Media (1)
Monitored Security Systems (1)
Senior Citizen Safety (1)
Personal Safety (3)
Pre-Employment Screening (2)
Monitored CO Detectors (1)
Home Security Systems (6)
Business Security (6)
Case Study (1)
Employee Safety (1)
Flood Monitoring (1)
summer jobs (1)
Online Security (1)
Building Security (1)
Monitored Fire Alarms (1)
Business Security Tips (1)
Medical Alert Devices (1)
Security Systems (1)
Home Security Cameras (1)
Workplace Safety (1)
alarm monitoring (1)
Prevent Security Cameras From Being Hacked (1)
Smart Home Automation (2)
Security (1)
Fire Safety Tips (3)
Staying Safe On Campus (1)

Archive