No matter how many firewalls are put up or how complex passwords may be, if your employees are unknowingly giving out their credentials to strangers, your information security will never be immune to breach. A recent flash poll conducted on security professionals by Dark Reading found that the biggest social engineering threat to organizations is not a specific type of scam, but a general lack of employee awareness.
Social engineering is a tactic by which intruders use psychological manipulation and human interaction to get people to reveal confidential information and breach security.
Even with protocols put in place to prevent intruders from entering secured premises, rules can be forgotten and, with the exception of security guards, most people are reluctant to demand credentials of strangers. But as intruders become more thorough in their research and methods, companies also need to put their guards up and be more careful. Here are 4 things you should know about social engineering:
1. Human kindness could be your downfall
More often than not, attackers gain access to the premises simply because a kind employee held the door open for them. Once inside, you’d be surprised how quickly and easily intruders can get the information they need. A slip-up in a conversation, passwords on post-its, a vacant and unlocked workstation – all mundane errors made every day that leave company information vulnerable to exposure.
2. Hackers are getting real
It used to be that phishing attacks could be distinguished simply because they were vague, grammatically inept, and misspelled. But nowadays, spell checking emails is just step one. With our lives so completely on display through social media, an email impersonating a real person in the office makes scams even more difficult to discern. Never, ever send passwords or confidential information in an email and always be sure to verify or report emails with suspicious requests.
3. They will try to fool you twice
Even if employees are sharp enough to avoid the initial phishing attempt, they are still not in the clear. It is common for attackers to follow up an email with a phone call to provide further legitimacy to the request. Because individuals who might not have the best knowledge about technology feel reassured by the “IT expert” on the phone, the second attack is often a win for the hacker.
4. If you can’t beat them, join them
Since programming a firewall into the human brain is not an option, the best way to combat social engineering attacks is to perform one yourself. The best way for your employees to learn is through experience. Hiring a party to carry out a social engineering campaign offers a safe environment for your employees to spot scams, realize possible mistakes, and gain awareness. Furthermore, the success of these real-world simulations will highlight all the areas of protocol that need to be revised or reiterated. For now, drilling employees with security awareness training is as close to a human firewall as you can get.