When people think of security threats, they think of hackers and robbers. But your real threat comes from engineers.
Social engineering is any activity that manipulates people into providing confidential information. Unfortunately, it’s on the rise. Google processes more than 18 million social engineering emails every day.
The threat is significant. You can have your identity stolen and your business sabotaged. Yet even security professionals cannot provide social engineering examples.
If you want to keep your business safe, you need to know a few. Here are five.
Phishing is the single most common security threat. It makes up more than 80 percent of reported security incidents. That includes both hacking and social engineering attacks.
It occurs when a hacker contacts a target. The hacker presents themselves as a legitimate source, usually the target’s boss or supervisor. They ask the target to install malware or share personal information.
Most phishing occurs through email. But it can happen through social media, chat applications, and phone calls.
Fortunately, phishing is one of the easiest social engineering threats to stop. Many emails look like they are from a trusted source, but they contain typos or strange comments. If you receive an email with information that doesn’t seem right, delete it immediately.
Tell your employees that you will never send them an email asking for personal details. Give them the sources that would send them emails, ideally in a printed list. If they receive an email from an address not on that list, tell them to ignore it.
Never download a file attached to a suspicious email. It can contain anything. Never click on a link within the email.
Spear phishing is related to phishing, but it has distinctions. Like phishing, spear phishing takes place through emails and text messages. However, these emails contain personal information that makes them seem legitimate.
Many social media accounts are public, so anyone can view posts and biographical details. Hackers simply find a person’s pages, then place details from them in the email.
As with phishing, never open an email from a source you don’t recognize. Give your employees lists of legitimate email addresses and tell them to ignore all others.
If you suspect someone is looking at your social media pages to spear phish, write a fake post. Include personal details you know are not true.
If those details appear in a spear phishing email, you know someone is looking at you. Make your pages and posts private.
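The approved-sender list from the phishing advice and the planted-detail check above can both be automated. This Python sketch is an added example, not part of the original article; the addresses, the decoy details and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values: the approved-sender list the article recommends, and
# false details planted in a decoy social media post.
APPROVED_SENDERS = {"payroll@example.com", "it-help@example.com"}
CANARY_DETAILS = ["golden retriever named Biscuit", "Lakeview Rowing Club"]

# Constructed sample: an approved address appears only in the display name.
SAMPLE = (
    'From: "payroll@example.com" <payroll@examp1e-mail.test>\n'
    "Reply-To: refunds@collector.test\n"
    "Subject: Quick favour\n"
    "\n"
    "Saw you at the Lakeview Rowing Club. Please confirm your details.\n"
)


def triage(raw_message):
    """Return a list of reasons to treat the message as suspicious."""
    msg = message_from_string(raw_message)
    findings = []

    # Compare the real address, not the display name, against the list.
    display, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    if address not in APPROVED_SENDERS:
        findings.append("sender-not-on-list")
        # A display name that quotes an approved address is impersonation.
        if any(a in display.lower() for a in APPROVED_SENDERS):
            findings.append("display-name-impersonation")

    # Replies redirected to a different mailbox than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != address:
        findings.append("reply-to-mismatch")

    # Planted false details show the sender read the decoy post.
    # Only single-part plain-text bodies are inspected here.
    body = msg.get_payload()
    text = body.lower() if isinstance(body, str) else ""
    for detail in CANARY_DETAILS:
        if detail.lower() in text:
            findings.append("canary-detail:" + detail)
    return findings
```

A From address that matches the list is not proof of origin, because the header can be forged; the function only automates the list comparison and the decoy check described above.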
Baiting is rarer than phishing, but it’s still important to know. Hackers leave a malware-filled device, like a flash drive, in a public place. Someone takes the flash drive and inserts it into their computer, infecting the system.
Label all of your personal devices, including CD-ROMs and drives. Do not insert any devices into your computer that you do not recognize.
If you find something you don’t recognize, put it in the lost and found. Send a message to your employees asking if it belongs to someone. But make sure no one inserts it into their computer.
If baiting occurs often, consider physical security measures like monitoring entranceways. Keep a log of access cards. If an employee reports that theirs has been stolen, take immediate measures.
Install antivirus software on all company computers. It provides a basic level of protection in case a piece of malware is downloaded.
Extortion can occur in several ways. Someone can blackmail someone else with personal information. They can obtain this information through legal and illicit means.
A hacker can install key trackers (keyloggers) on a computer. When someone types in their personal information, it goes straight to the hacker. The hacker then notifies the target and asks for money in exchange for not exposing the information.
Ransomware encrypts files on a computer, making them inaccessible. A window then appears, saying that files will get deleted if the target does not pay.
If you have sensitive information, do not store it on computers. Use safes and safety deposit boxes to store it.
If you must keep something on a computer, use an air-gapped device and cheap proxies. Stay off of Wi-Fi and encrypt the files on your hard drive. Store the device in a location that no one knows about.
Hackers can lie about the information they have. Don’t provide any money to someone you think has nothing on you.
Take your infected computer to a professional. Do not try to resolve ransomware on your own.
Tailgating is one of the few physical social engineering techniques. An attacker follows a target into a secure location. They get in when someone holds the door for them or when they ask to borrow a device.
When a hacker tailgates into an office, they often head straight to the Wi-Fi network. They can disrupt services from their computer and/or access personal information.
Tailgating is a way many thieves case an office. They look around for entrance and exit ways, then come back at night and steal belongings. They can also steal an access card, letting them enter whenever they want.
Make sure you can secure your Wi-Fi network from threats. Read articles like https://setapp.com/how-to/secure-wifi-network-from-any-threats to understand the safety measures you’ll need to know. Talk to your IT staff about additional precautions you can take.
Install surveillance cameras on the entranceways into a building. If an unauthorized person enters, download their photograph. Keep track of who enters a building and when.
Have extra security measures at night. Hire roaming security guards who can walk through your building and monitor all points.
The Most Common Kinds of Social Engineering
Social engineering is hacking combined with confidence tricks. But if you know the most common kinds, you can avoid getting duped.
Avoid phishing and spear phishing by deleting any suspicious emails. Never provide any personal information to accounts you don’t recognize.
Avoid baiting by not inserting CD-ROMs or flash drives that you do not recognize into your computer. Keep private information off your computer to dodge extortion attempts. Keep an eye on entranceways to avoid tailgating.
Your safety depends on knowing the facts.