Social engineering defined: What your company needs to know about the new breed of cyber attacks.
Despite the growing prominence of cyber attacks, many office managers and business owners still view these threats to their organisations as little more than mindless viruses and computer programmes.
However, behind every cyber attack is a human being who has no qualms about exploiting our emotions to get what they want.
What Is Social Engineering?
Social engineering is a series of tactics perfected by hackers who are up to no good, all of which are designed to manipulate users into giving up valuable, personal information.
Fraudsters have mastered the art of psychology, and they know what works.
Social engineering attacks can come in several different variations. You may already be familiar with some social engineering tactics like phishing, but what about vishing? (Yes, they’re different!)
- Phishing: A favourite of cyber criminals, phishing is the popular process of convincingly posing as a credible source and requesting personal information via email (and increasingly via SMS text messaging).
- Vishing: Utilising the same psychological techniques as phishing, vishing attacks are carried out via voice rather than email or text message. Callers may pose as co-workers, for example, and request company information such as log-in usernames and passwords.
- Baiting: This is exactly what it sounds like: a criminal uses something enticing to trick victims into taking action. For example, a hacker may load a USB stick with malware, falsely label it (e.g. “Updated Financial Projections 2020”), and then leave this USB stick where it will be easily found (e.g. in the company accountant’s top drawer!) in hopes that someone will insert the flash drive into their computer and, by doing so, unknowingly install the malware.
In some cases, cyber criminals will actually attempt to form relationships with their victims in order to extract greater amounts of sensitive information. This is called “farming,” as opposed to when hackers use isolated attacks such as baiting or phishing.
How To Defend Against The Threat Of Social Engineering
Now that you understand the very purposeful, human influence of cyber crime, you’re likely wondering how to protect your business from social engineering attacks. Fortunately, knowledge is your best defence.
By understanding the principles of social engineering and the way that hackers may target your office or business, you’ve already taken the first step towards protection.
We recommend taking some time to hold regular meetings with your employees about how to avoid social engineering attacks. For example, you may install office-wide anti-virus software and encourage your employees to:
- Frequently review some common examples of social engineering, like the ones we highlighted above.
- Beware of following links or visiting websites encouraged by emails, text messages, or phone calls.
- Think before they click.
- Pause before submitting any personal information.
- Use strong passwords and never use the same password for more than one account or in more than one department.
- Carefully consider the source of any business correspondence.
Many other types of social engineering cyber attacks exist aside from the ones we’ve covered here—there’s no end to the way that criminals can manipulate their victims. However, the basic principles of protection remain the same, so frequently refresh the members of your office on strategies to stay on top.
Cyber Security Awareness Training
To help keep companies ahead of the advancing social engineering techniques that cyber criminals are using, we have introduced a new service: Cyber Security Awareness Training. It is designed to help Irish businesses to make their employees their first line of defence against social engineering attacks.