Home

5 Tips to Prevent Social Engineering

Social engineering is effective for criminals and dangerous for businesses.  It takes advantage of human behavior to gain access to systems.  Consequently, no antivirus can work to prevent an attack if a criminal manipulates the target into making security mistakes.

So, how can you prevent such cyber-attacks? Here are five proven tips that can help you prevent social engineering attacks:

1.      Train Your Employees

Cybersecurity relies heavily on human behavior. Therefore, your employees should be the first line of defense in detecting, and preventing social engineering attacks.

You must ensure that your employees understand the tricks cyber criminals use to perform a social engineering attack. Additionally, they should know the signs to look for to detect such an attack.

Some of the things your employees should never do include:

  • Disclosing sensitive information over phone, text or email
  • Opening attachments from unknown sites
  • Allowing people into protected areas if they do not have the credentials and authorization to be in the protected area (some criminals use tailgating to enter protected areas)
  • Warning your employees against responding to instructions that seem to be from executives or seniors at your organization without confirming via a call to that person.

Train your employees to remain skeptical when they receive requests that often seem urgent or have negative consequences when ignored.

Moreover, you can take your training a notch higher by conducting phishing simulations to help you detect how well your employees can identify a phishing attack.

2.      Use Antivirus and Endpoint Security Tools

While social engineering attacks target your employees directly, you can prevent these schemes from reaching your employees by installing antivirus and endpoint security measures on all your company’s devices.

Fortunately, modern endpoint security tools and antivirus software are often capable of blocking links to malicious websites, obvious phishing messages, and IP addresses that are listed as threats.

3.      Conduct Penetration Testing

Cybercriminals often find ways to penetrate your organization’s defenses. Unfortunately, they constantly look for angles to exploit the weaknesses in your security system. You can prevent this by working with an ethical hacker who uses his or her skills to identify these weaknesses by attempting to exploit them.

Together with an ethical hacker, you can learn the weaknesses your security system has and the social engineering techniques to which your company is most susceptible.

4.      Update Your Software

Businesses that use updated software have lower chances of experiencing a social engineering attack. Specifically, updated software comes with security fixes to existing vulnerabilities.

Therefore, it is important to ensure that your firewall and antivirus software are from reputable organizations and are regularly updated.

However, cybercriminals continue to take advantage of businesses that have not yet updated their software.

5.      Implement a Good Policy for Social Media Privacy and Posting

Social media sites provide the personal information that criminals require to plan and execute social engineering attacks.

So, if your employees post too much information about themselves and your business, it could lead to massive loss of sensitive data from your business.  Therefore, establish a good policy on social media privacy and posting. This policy should include:

  • Keeping personal and company social media accounts separate
  • The information that can and cannot be shared on personal or business social media accounts
  • Providing minimum information on job listings to prevent divulging information that criminals could misuse

Final Word

Protecting data should be a priority for every cyber-aware business. Unfortunately, even if you are a small business, you stand the risk of losing sensitive data about your accounts, accounts of your clients and customers, and other valuable information.

In conclusion, your business should be aware of social engineering attacks, how they happen, and ways in which you can prevent these attacks.

 

What Is Social Engineering?

Social engineering is a type of psychological manipulation which utilizes human interactions and vulnerabilities to trick victims into disclosing sensitive information.

The information could be personally identifiable data such as social security numbers, log-in details, or corporate financial information. Once cybercriminals collect this information, they can use it to commit fraud or identity theft.

Social engineering taps into the natural instinct of trust. Through carefully worded emails, texts, or voicemail messages, criminals manipulate victims into disclosing sensitive and confidential information.

The social engineering life cycle follows the following steps:

·       Preparation

The first stage of a social engineering attack is preparation. The criminal identifies the victim and gathers background information about the target. The criminal then formulates the attack strategy.

Where victims are organizations, the criminal gathers information including their structure and the roles and responsibilities of all employees. They also collect data about behaviors and susceptibilities the targets could succumb to.

Criminals conduct this research through the company’s website, social media profiles, in-person visits, or stalking.

·       Execution

In this step, the criminal deceives the victim in order to gain a foothold. This stage often involves a story that manipulates the victim into the desired emotion, such as fear, desperation, or loyalty.

At this point, the criminal has taken control of the interaction, and the victim will likely provide the requested information or complete the required transactions.

For example, execution could involve an ostensible email of the CEO requesting an employee to wire money to the given account, or to send the password to a certain database.

Criminals are manipulative and patient at this stage until they get what they desire.

·       Exit

Social engineering masterminds prefer exiting without a trace of their being in the affected location or arousing suspicion. They will siphon the data they need, remove the malware they used, and cover their tracks.

Criminals using social engineering employ six key principles to deceive their targets:

·       Authority

A person is more likely to obey a person in authority, often without objection.

·       Scarcity

Cyber criminals utilize the fear of missing out to their advantage. They will convince you that this is a rare opportunity for you to make the most of your money, encouraging you to invest in whatever they are selling.

·       Reciprocity

Sometimes, a criminal will gain trust by doing you a favor, for instance by helping you detect a vulnerability in your company’s system. Afterwards, you are more likely to “return the favor”, sometimes against your best interests.

·       Commitment and Consistency

A social engineering criminal might lead you to commit to an idea or responsibility, which you are then likely to follow through with because of the human propensity to follow through with commitments.

·       Social Proof

Trends are an example of social proof. People will do what they see others doing, either from fear of missing out or out of curiosity. This makes it easy for criminals to use enticing headlines, or text to lure you into installing malware or providing sensitive information.

·       Liking

Likability significantly influences humans into making decisions, including buying decisions. Cyber criminals will often wear a likeable veil to persuade their victims to provide the details or take actions that the criminal wants.

In a nutshell

Social engineering uses psychology to manipulate people into giving up sensitive information about themselves or their companies rather than using technology or breaking into the victim’s data.

These schemes manipulate victims by triggering feelings of fear, greed, curiosity, helpfulness, and urgency to trigger the desired response.

 

 

5 Biggest Data Breaches Of The 21st Century

Data breaches occur when hackers infiltrate a computer network system and access sensitive information.  This can include financial records, security numbers, passwords and personal identifying information.

In the 21st century, data breaches affecting hundreds of millions or even billions of users are gradually becoming the order of the day. In this post, we will explore five biggest data breaches in recent memory.

1.     Yahoo

Yahoo fell victim to the biggest data breach in history so far. Back in 2014, amidst sales negotiations with Verizon, Yahoo experienced a data breach affecting all of its 3 billion user accounts.

The information stolen from its computer network included names, emails, hashed passwords, dates of birth, and security questions. The data breach was so bad that it compelled Yahoo to sell to Verizon at $350 million less than previously planned. Yahoo claimed that the attack was state-sponsored activity,

2.     First American Financial Corporation

The 2019 data breach of First American Financial Corporation exposed 885 million records. These records contained sensitive information including social security numbers, bank account details, mortgage information, and wire transactions.

The breach exposed information dating as far back as 2003. The company was mostly to blame for its complete lack of security. Its records had no form of encryption, making them extremely vulnerable to data breaches.

3.     Marriott International

A 2014 hack of Marriot International exposed 500 million records. The hack led to the leak of hard to find data such as travel schedules, passport numbers, and contact information.  It was not discovered until 2018.

Recently, Marriott has been the victim of yet another data breach exposing more than 5.2 million accounts between January and February 2020.

4.     Equifax

Equifax is one of the leading credit bureaus in the US and experienced one of the biggest data breaches in the 21st century.  A vulnerability in the company’s website compromised the personal information of 147.9 million customers.  Some of the stolen information included birth dates, social security numbers, driver’s license numbers, addresses, and credit card data.  Unfortunately, the company was partly to blame for the breach due to failure to segment its systems or to patch security vulnerabilities.

5.     eBay

eBay fell victim in 2014, revealing passwords, names, email addresses and dates of birth of all of its 145 million users.  Interestingly, the breach occurred over 229 days, during which hackers had complete access to the company’s network. The hackers used the credentials of three top corporate employees to infiltrate eBay’s computer network.

Even though hackers exposed this information, the breach did not affect the bottom-line of the company.  However, it did lead to a significant decline in user activity.

Protecting your Business from Data Breaches

Cyber security continues to be an elusive goal for many companies.  This is especially true for those with sensitive data such as addresses, contact information, credit card or bank details, and personal identifying information. Therefore, this data is usually the target of identity thieves.

Detecting a data breach is usually the most crucial step in responding to and mitigating the effects of the breach.  Thus, you can detect a breach by hiring cyber security experts, updating your technology and employee education, and by constantly monitoring your organization.

5 Cyber Security Best Practices For Your Business

Cyber attacks are a growing concern for small and medium enterprises. Some research findings reveal that 43% of cybercrimes target small businesses, and 60% of small companies that fall victim to a cyber attack are out of business within just six months.

As a small business owner, you don’t want to be the next victim. Here are five cybersecurity best practices your business should implement:

1.     Use a firewall and antivirus software

Firewalls provide a barrier between your computer network and cybercriminals. Firewalls work by assessing the data packets which arrive at your computer network.  They either accept or reject them based on the data they contain.

Your business should invest in both hardware and software firewalls to monitor incoming data for risks that could expose your business to attacks.

Use antivirus software in addition to firewalls to add an extra layer of security against threats that manage to get past the firewall.

2.     Keep your software updated

In a highly automated environment, it is easy for business owners to rely on automatic software updates.

But if you are concerned about the security of your data, you must ascertain that your operating systems and software are up-to-date (and that you are using high-quality security software).

Software updates look for and fix potential weaknesses that criminal hackers could exploit. Therefore, by having the latest software updates, you protect your business data from the vulnerabilities of older software.

3.     Train your employees

Employees are one of the greatest risks to your business. This risk stems from unawareness on the importance of cybersecurity and of the protective measures they can take to keep your business safe, such as installing firewalls to their home networks.

Employees are also vulnerable to phishing scams, which cybercriminals could use to install malware onto your computer network.

Cybersecurity education should not end with the IT department, but should reach every employee. Educate them on cybersecurity measures, your business’ cybersecurity policies, ways of identifying cybersecurity breaches, and responses to such incidents.

4.     Back up your data regularly

Cyber-attacks can happen to the most protected system, and your business should be ready for this eventuality. Back up all your data, including documents, spreadsheets, databases, financial and other business files to the cloud or on separate hardware devices.

You should store these backups in separate places for added security, preferably at an offsite location or in the cloud.

Your business should implement cloud computing (for easy and efficient backup systems) and a local back up in case the data on the cloud falls prey to cybercriminals.

Backing up data protects businesses from loss in case of natural disasters, human errors, ransomware, and hacking.

5.     Set strong passwords and multifactor authentication

Lost, stolen, and weak passwords lead to about 63% of data breaches , which should inspire businesses to enforce their password policies.

Businesses should use strong passwords that contain a mix of lower and upper case letters, numbers, and symbols. They should also change these passwords every 60-90 days.

Multifactor authentication adds an extra layer of security to strong passwords by requiring additional steps before one access your business data. Therefore, even if a cybercriminal manages to crack your password, the multifactor authentication could prevent further access.

Final word

Cybercriminals keep advancing and finding better ways to breach security systems. Your business security depends on a proactive approach in implementing security measures such as the use of firewalls, antivirus software, employee training, regular data backups, strong password policies, and multifactor authentication.

 

5 Cyber Security Tips for Remote Working

Workspaces are continually evolving, and more and more people are working from home. A recent survey reveals that 84% of businesses will likely increase remote work after COVID-19, despite spiked security concerns associated with working from home.

But how can you ensure that your business stays safe? Here are five tips to help you strengthen your remote working security and keep your data safe.

Train your employees

Being able to identify and avoid potential threats is a vital part of preventing cyber attacks. Considering that human error is the cause of most security breaches, it would be an excellent idea for you as a business owner to invest in employee training.

Some of the cybersecurity tips you can teach your staff includes:

  • Typing URLs into the search bar instead of clicking on links
  • Spotting suspicious emails and attachments and avoiding them
  • Setting strong passwords for their accounts
  • Using a different password for each of their accounts

You can also hold regular training sessions with a cybersecurity specialist. This will go a long way towards making your employees more tech-savvy and able to steer clear of security risks.

Use secure devices

One of the major security issues with  your employees working remotely is the security of the devices they use to access your company’s database.

If your employees are using their own computer and mobile devices to work from home, you should ensure that the devices are secure. Have your staff update their firewall and antivirus software to improve their devices’ security and minimize the likelihood of a cyber attack.

Better still, you can provide your employees with secure devices, especially if they handle sensitive data.

Have a disaster recovery plan

One of the most critical steps to take before you have your team working remotely is to create a disaster recovery plan.

Having a remote workforce doesn’t mean that your business cannot be affected by ransomware attacks and network outages. Luckily, there are steps you can take to avoid a lengthy downtime. Here are a few:

  • Back up your data as often as possible. If your business suffers a ransomware attack or network outage, you will have to restore your devices to the most recent backup. If you don’t do regular back-ups, you might end up losing vital business data.
  • Ensure that all your IT and the executive staff know the proper steps to take if a network breach happens. This will help minimize downtime by ensuring that everyone is on the same page.

Use the principle of least privilege

The principle of least privilege states that an employee should only have access to company resources that are critical to his ability to perform his duties effectively.

Therefore, if an employee does not need access to specific files in your company, they should not have it. It also means that you should reconsider giving admin privileges to those who do not truly need them.

Limit access to your businesses’ sensitive information and use strong passwords to prevent user accounts from being compromised. Additionally, log in all access activities and keep regularly monitoring so you can detect any unauthorized access attempts.

Use a VPN

A VPN (Virtual Private Network) is software that you and your employees can use together with public and home WI-FIs to ensure that all your internet traffic is encrypted before it goes to and from your office’s network or along a public internet signal.

Before information is allowed through your network firewall, a VPN will authenticate it to ensure that it is encrypted. VPN software also ensures that your network is still secure when employees communicate with each other, logging into programs, or sending information.

Final word

While working remotely comes with many perks, it also presents new cybersecurity challenges for most businesses. The tips we have discussed in this post will keep you and your employees better prepared to avoid cyber attacks. Remember to also implement physical security measures such as not using public Wi-Fi and never leaving their devices open after use.

How Electronic Identity Verification Helps Fight Financial Crime

 

Electronic identity verification is a process that helps businesses ensure that their clients provide them with information about a real person. In other words, it is the remote verification of a person’s identity through digital means. The process happens in two main steps:

  1. Documentary verification
  2. Non-documentary verification

Documentary verification

Verification systems use electronic means to check the photos on a client’s documents to determine whether the documents are authentic.  Examples of such documents are a driver’s license, passport, or another state identification document. They also check the details on the identification documents, such as name and date of birth, to ensure they are valid.

Verification software then compares the photo on the customer’s ID with a real-time photo.

Non-documentary verification

Businesses can check customer data against a number of databases.  These include those of government agencies, watch lists, adverse media, credit bureaus, and utilities. This helps get as much information as possible. It enables screening for negative information about the client, to avoid potential risk. The whole process can take just a few minutes.

 

How electronic identity verification helps fight financial crime

Electronic identity verification is an integral part of conducting due diligence in organizations such as brokerage firms, banks, insurance companies, and financial advisers.

Firms can detect potential financial fraud by identifying prospective customers suspected or convicted of financial crimes, and those on government watchlists and sanctions. They can also use electronic identity verification to keep their client lists updated.

Companies use electronic identity verification to prevent illegal activities like scams, harassment, and money laundering.

Additionally, these methods help businesses comply with Anti-money laundering laws (AML), Combating the Financing of Terrorism (CFT), and Know Your Customer laws (KYC). All these laws are meant to prevent criminals from committing crimes such as money laundering and financing terrorism.

Electronic identity verification methods also help prevent identity theft and financial identity theft. They do this by ensuring that the potential customers’ documents  are authentic, unaltered government-issued IDs.

Final word

Although there is a cost associated with electronic identity verification, it’s not as expensive as the long term consequences of working with people who are not who they say they are. Electronic identity verification is therefore indispensable for modern businesses. It can be a vital instrument to help you prevent fraud. It does this by identifying prospective customers who have been convicted of financial crime, are subject to government sanctions, are on international watch lists, and those who are politically exposed.