Social engineers are hackers who skip the hassle of writing code and go straight for the weakest link in your security – your employees. A phone call, a cheap disguise, or a casual email may be all it takes to gain access, no matter what protections you have in place. Here are just a few examples of how social engineers work:
Email: These hackers pretend to be a co-worker or customer who ‘quickly’ need a certain piece of information. It could be a shipping address, login, or contact detail that they pretend they already know, but simply don’t have right in front of them. The email may even tell you where to get the data from. The hacker may create a sense of urgency. Your caring employee is naturally inclined to help and quickly sends a reply.
Phone: Many hackers will pose as a customer, government official, or even IT support. This way they easily manipulate your employee into giving them information or even changing a password. Phone attacks are harder to identify and they are normally more persuasive and aggressive.
In person: A person in a delivery or repair uniform can get past people without any question. Normally, if they get by the person at the front desk, they can then move into more susceptible areas of your business. Once they are in, they become almost invisible to staff-free to install network listening devices and read all the post-it-notes with passwords written on them.
You never know when or how a social engineer will strike. Your staff have been trained to be helpful but this training can also be a weakness. What can you do to protect your business? It is important to know that not all of your employees have the same level of interaction with people. For example, the front desk person taking calls and greeting visitors would be at a higher risk that a factory worker. You have to look at your industry; your business and how it is set up.
We recommend cyber-security training for each level of risk identified, focusing on responding to the types of scenarios they might find themselves in. Social engineering is too dangerous to take lightly, and far too common for comfort. Talk to us about your cyber security options today. Call us at 937-660-4899