Bad news. Many businesses fail to realize that network security is about more than just protecting your digital realm through measures like advanced software and a dedicated IT company. Nowadays, protecting your network depends on your human capital as well.
Do your employees know how to protect your network and all the data within it? Can your coworkers spot a malicious email or link before clicking on it? Do your staff members know how to secure your digital information from social exploits by sophisticated hackers?
A London news outlet reported on a survey about social engineering conducted back in 2003. Yes, it was a while ago, but the results were shocking. The article discussed how workers were prepared to exchange their password for a free pen, and many of these workers nonchalantly communicated the origin of their password. What made this worse was that many of these passwords fell into easy-to-guess categories such as their name or favorite football team.
While this survey was conducted over a decade ago, not much has changed. According to a report released by Verizon a couple of years ago, 23% of all people open phishing messages. Social-engineer.org claims that social engineering is used in over 66% of attacks, and 67% of the people they interact with will give out their personal information, no questions asked.
So what exactly is social engineering? Social engineering is a tactic hackers use to extract information from people. These attempts can range from very general situations to an extremely targeted approach. From emails and phone calls to in-person meetings, hackers employ a variety of social avenues to extract the information they need. Their goal? To get business workers and everyday people to break standard security procedures.
What do these attempts look like? Most often, these will come to people in the form of phishing emails, which many people are familiar with. But as mentioned previously, 23% of all phishing recipients still open these emails. Phishing emails contain malicious links or downloads and are intended to steal data and corrupt your system. These emails may even ask you to respond with personal information to assist in an “urgent” matter, and too many people will comply.
Hackers will go as far as to pick up the phone or travel to your place of employment. When this happens, you better believe they’ve done their research, and there are a few different methods hackers can use to trick you into breaking standard security protocols.
If you’ve ever worked in a building with a keyed entrance or lived in a gated community, have you ever let someone follow you in? Maybe even held the door open for them and allowed them to go in before you? This is social engineering. Once they’re inside, they’re good to go.
But it doesn’t stop there. They’ll ease their way in through social graces. All it takes is a few compliments and the right string of words to get people to let down their guards and release information they shouldn’t. On the other end of the spectrum, if you’re stuck in an uncomfortable situation where people are acting angry or hostile towards you or your coworkers, you may just say, “Sure, fine,” to avoid feeling more discomfort.
So how do you avoid giving away the right information to the wrong person? Simple. You stay aware and skeptical. Always be aware of your environment and be suspicious of every unusual email you receive. If ever you’re concerned, hang up the phone or delete the email. Contact the source directly and never allow anyone to mislead you.
If you’re an employee, stay vigilant. If you’re an owner, make sure to take the time to educate your employees on the dangers of social engineering and how easy it is for hackers to take sensitive data. The best defense is knowledge, so stay on top of it!