5 Tips to Prevent Social Engineering

Social engineering is effective for criminals and dangerous for businesses. It takes advantage of human behavior to gain access to systems. Consequently, no antivirus can prevent an attack if a criminal manipulates the target into making security mistakes.

So, how can you prevent such cyber-attacks? Here are five proven tips that can help you prevent social engineering attacks:

1. Train Your Employees

Cybersecurity relies heavily on human behavior. Therefore, your employees should be the first line of defense in detecting and preventing social engineering attacks.

You must ensure that your employees understand the tricks cyber criminals use to perform a social engineering attack. Additionally, they should know the signs to look for to detect such an attack.

Some of the things your employees should never do include:

  • Disclosing sensitive information over phone, text or email
  • Opening attachments from unknown sites
  • Allowing people into protected areas if they do not have the credentials and authorization to be in the protected area (some criminals use tailgating to enter protected areas)
  • Responding to instructions that appear to come from executives or senior staff at your organization without first confirming them by calling that person

Train your employees to remain skeptical of requests that seem urgent or threaten negative consequences if ignored.

Moreover, you can take your training a notch higher by conducting phishing simulations, which measure how well your employees can identify a phishing attack.
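The warning signs listed above (urgency, requests for credentials or payments, instructions that appear to come from an executive, attachments from unknown senders) can also be encoded as a simple triage heuristic that a mail team or awareness trainer can run over reported messages. The following Python script is an added example and is not code from the original post; the executive directory, the internal domain, the keyword lists and the three sample messages are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed directory of executives whose names are likely to be impersonated.
# In practice this would come from the company's address book.
EXECUTIVES = {"Jane Doe": "ceo@example.com"}
INTERNAL_DOMAINS = {"example.com"}  # constructed; the company's own mail domains

# Phrases that create pressure, and phrases that ask for something sensitive.
URGENCY_TERMS = ("urgent", "immediately", "asap", "within the hour",
                 "final notice", "account will be suspended")
SENSITIVE_TERMS = ("password", "wire", "gift card", "bank details",
                   "social security", "login details")


@dataclass
class Message:
    display_name: str
    sender: str
    subject: str
    body: str
    attachments: Tuple[str, ...] = ()


def _contains_term(text: str, term: str) -> bool:
    # Whole-word match so "wire" does not fire on "firewire".
    return re.search(r"\b" + re.escape(term) + r"\b", text) is not None


def review_message(msg: Message) -> List[str]:
    """Return the list of social-engineering indicators found in a message."""
    flags: List[str] = []
    domain = msg.sender.rsplit("@", 1)[-1].lower()
    external = domain not in INTERNAL_DOMAINS
    text = f"{msg.subject}\n{msg.body}".lower()

    # Executive impersonation: a known executive's name in the display
    # name, but the sending address is not the one on file.
    expected = EXECUTIVES.get(msg.display_name)
    if expected and msg.sender.lower() != expected.lower():
        flags.append("executive_impersonation")

    if any(_contains_term(text, t) for t in URGENCY_TERMS):
        flags.append("urgency")
    if any(_contains_term(text, t) for t in SENSITIVE_TERMS):
        flags.append("requests_sensitive_info_or_payment")
    if external and msg.attachments:
        flags.append("attachment_from_external_sender")
    return flags


def triage(msg: Message) -> Tuple[str, List[str]]:
    """Map the indicators to an action: ok, verify out-of-band, or escalate."""
    flags = review_message(msg)
    if "executive_impersonation" in flags or len(flags) >= 2:
        return "escalate", flags
    if flags:
        return "verify", flags
    return "ok", flags


# Constructed sample messages: a CEO-fraud attempt, a legitimate note from
# the real CEO address, and an unsolicited external invoice with an attachment.
SAMPLE_MESSAGES = [
    Message("Jane Doe", "jane.doe@mail-example.co",
            "Urgent: wire transfer needed today",
            "Please wire $25,000 to the vendor account immediately. "
            "I'm in a meeting and can't talk."),
    Message("Jane Doe", "ceo@example.com", "Q4 planning",
            "Let's meet Tuesday to go over the roadmap."),
    Message("Invoice Dept", "billing@unknown-vendor.example",
            "Invoice attached", "See the attached invoice.",
            attachments=("invoice.zip",)),
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        action, found = triage(m)
        print(f"{action:8} {m.sender:32} {found}")
```

The point of the script is the check sequence, not the word lists: the display name is compared against the address on file, pressure language and sensitive requests are scored separately, and anything with a spoofed executive name is escalated regardless of how polite the wording is. The keyword lists are deliberately short and should be tuned to the organization's own reported phishing samples.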

2. Use Antivirus and Endpoint Security Tools

While social engineering attacks target your employees directly, you can prevent these schemes from reaching your employees by installing antivirus and endpoint security measures on all your company’s devices.

Fortunately, modern endpoint security tools and antivirus software are often capable of blocking links to malicious websites, obvious phishing messages, and IP addresses that are listed as threats.

3. Conduct Penetration Testing

Cybercriminals constantly look for angles to exploit the weaknesses in your security system, and they often find ways to penetrate your organization's defenses. You can get ahead of this by working with an ethical hacker who identifies those weaknesses by attempting to exploit them before a criminal does.

Together with an ethical hacker, you can learn the weaknesses your security system has and the social engineering techniques to which your company is most susceptible.

4. Update Your Software

Businesses that keep their software updated have lower chances of experiencing a successful social engineering attack, because updates ship security fixes for known vulnerabilities.

Therefore, it is important to ensure that your firewall and antivirus software are from reputable organizations and are regularly updated.

Cybercriminals continue to take advantage of businesses that have not yet updated their software.

5. Implement a Good Policy for Social Media Privacy and Posting

Social media sites provide the personal information that criminals require to plan and execute social engineering attacks.

So, if your employees post too much information about themselves and your business, it could lead to a massive loss of sensitive data from your business. Therefore, establish a good policy on social media privacy and posting. This policy should include:

  • Keeping personal and company social media accounts separate
  • The information that can and cannot be shared on personal or business social media accounts
  • Providing minimum information on job listings to prevent divulging information that criminals could misuse

Final Word

Protecting data should be a priority for every cyber-aware business. Unfortunately, even if you are a small business, you stand the risk of losing sensitive data about your accounts, accounts of your clients and customers, and other valuable information.

In conclusion, your business should be aware of social engineering attacks, how they happen, and ways in which you can prevent these attacks.


What Is Social Engineering?

Social engineering is a type of psychological manipulation which utilizes human interactions and vulnerabilities to trick victims into disclosing sensitive information.

The information could be personally identifiable data such as social security numbers, log-in details, or corporate financial information. Once cybercriminals collect this information, they can use it to commit fraud or identity theft.

Social engineering taps into the natural instinct of trust. Through carefully worded emails, texts, or voicemail messages, criminals manipulate victims into disclosing sensitive and confidential information.

The social engineering life cycle consists of the following steps:

• Preparation

The first stage of a social engineering attack is preparation. The criminal identifies the victim and gathers background information about the target. The criminal then formulates the attack strategy.

Where the victims are organizations, the criminal gathers information including their structure and the roles and responsibilities of employees. They also collect data about behaviors and susceptibilities the targets could succumb to.

Criminals conduct this research through the company’s website, social media profiles, in-person visits, or stalking.

• Execution

In this step, the criminal deceives the victim in order to gain a foothold. This stage often involves a story that manipulates the victim into the desired emotion, such as fear, desperation, or loyalty.

At this point, the criminal has taken control of the interaction, and the victim will likely provide the requested information or complete the required transactions.

For example, execution could involve an email that appears to come from the CEO, asking an employee to wire money to a given account or to send the password to a certain database.

Criminals are manipulative and patient at this stage until they get what they desire.

• Exit

Social engineering masterminds prefer to exit without leaving a trace of their presence or arousing suspicion. They siphon the data they need, remove any malware they used, and cover their tracks.

Criminals using social engineering employ six key principles to deceive their targets:

• Authority

A person is more likely to obey a person in authority, often without objection.

• Scarcity

Cyber criminals utilize the fear of missing out to their advantage. They will convince you that this is a rare opportunity for you to make the most of your money, encouraging you to invest in whatever they are selling.

• Reciprocity

Sometimes, a criminal will gain trust by doing you a favor, for instance by helping you detect a vulnerability in your company’s system. Afterwards, you are more likely to “return the favor”, sometimes against your best interests.

• Commitment and Consistency

A social engineering criminal might lead you to commit to an idea or responsibility, which you are then likely to follow through with because people tend to honor commitments they have made.

• Social Proof

Trends are an example of social proof. People will do what they see others doing, either from fear of missing out or out of curiosity. This makes it easy for criminals to use enticing headlines or text to lure you into installing malware or providing sensitive information.

• Liking

Likability significantly influences humans into making decisions, including buying decisions. Cyber criminals will often wear a likeable veil to persuade their victims to provide the details or take actions that the criminal wants.

In a nutshell

Social engineering uses psychology to manipulate people into giving up sensitive information about themselves or their companies, rather than using technology to break into the victim's data.

These schemes manipulate victims by triggering feelings of fear, greed, curiosity, helpfulness, and urgency in order to provoke the desired response.