5 Tips to stay on top of social engineering
Traditional hacking aims to compromise the settings of IT systems and applications. Social engineering refers to how attackers manipulate people into giving up confidential information. Social engineering attackers attempt to exploit the users of these technologies by claiming to be trusted acquaintances such as fellow employees, vendors or support personnel to try and trick the target. Being human, by omission, means that people in general are always trusting and willing to help others. Attackers use this human trait to their advantage by deceiving victims into revealing information that compromises their data security. This technique has extended itself into the workplace, now compromising business data security, too.
Traditional protection from malware and viruses will not protect you from a social engineering attack. Once attackers gather bits and pieces of information about an organisation from the victim, they’ll be able to put the pieces of the puzzle together and exploit the entire business. Examples of social engineering include phishing emails, physical breaches, pretext calling, etc.
Be sure to train employees to follow safe security measures that one would implement in case of an attack. Here are five key tips to protect your employees from social engineering in the workplace:
- Always be cautious of sharing sensitive information about your organisation on social media platforms such as locations, new working partnerships, etc.
- Always be apprehensive of suspicious looking emails and questionable links.
- Never allow for a stranger to connect to your wireless network in the workplace.
- Review security policies regularly to stay up-to-date on the latest social engineering techniques.
- Never share personal information over the phone until you can verify where they are calling from.
Social engineering is still one of the most effective attack vectors. It is important to treat security awareness and training as an investment towards the safety of your organisation’s network and data.