Businesses Threatened by Social Engineering Attacks: Top 3 Essential Tips to Protect Yourself

Social Engineering Attacks on Businesses

People know that the criminals stand to make some serious money if they steal sensitive data, especially when the said data belongs to a corporation. What they don't always realize is just how the bad guys get their hands on the loot. Often, it has nothing to do with physical access. It might not have anything to do with hacking the company's IT infrastructure, either. In fact, some people think that when it comes to data security, the biggest threat companies face is social engineering. Today, we'll try to give you some tips on what you can do to protect your company's data from conmen who use deceit rather than technical skills to steal corporate information.

    1. Use technology to protect your data

People think that social engineering has more to do with human psychology rather than electronic devices. They often reckon that protection against social engineering should be built in the brain rather than in the IT infrastructure. This is not strictly true.

In July of last year, for example, Google proudly announced that ever since it gave its employees YubiKeys and forced them to use two-factor authentication (2FA), it hasn't registered a single successful phishing attack. Considering the fact that a whopping 85 thousand people work for the Silicon Valley behemoth, this is quite an achievement.

As you can see, it's important not only to train employees to use two-factor authentication, but it's also crucial to choose the most secure form of 2FA. And they don't come any more secure than U2F hardware tokens.

Other pieces of technology can also help. A solid password management solution, for example, gives employees an easy way of avoiding weak passwords and password reuse (two things that can make a social engineering attack fairly easy to pull off). A password manager with auto-fill functionality will also fill in the login credentials only if the URL is correct which could also help employees avoid giving away their usernames and passwords. It should go without saying that companies should think about investing in security software if they haven't already.

The size of the investment depends on the size of the organization and the potential damage. Common sense dictates, however, that anti-phishing and malware filters should fend off most social engineered emails (the most common attack vector), and if a malicious file does get through, a security product installed on the employees' computers could act as a last line of defense.

So, technology can help businesses protect themselves from social engineering attacks. It is far from enough, though.

    1. Raise as much awareness as possible

Many people say that when it comes to cybersecurity, the human is the weakest link. We reckon, however, that a more accurate statement would be that the weakest link is the human who doesn't know any better.

Many organizations wrongly assume that their team is too good to fall for a social engineering attack. They also tend to underestimate the attackers, and when things eventually end up horribly wrong, they don't even know what hit them.

Prevention, as the cliché says, is the mother of all cures, and when it comes to social engineering in the corporate world, prevention involves a bit more than installing the latest piece of security software on employees' computers. People should get to know the threat, and, more importantly, they should realize just how real it is.

Some corporations think that the best way to do this is to put all employees in a conference room and treat them to a PowerPoint presentation. Others take an even more impersonal approach and instead send an email with a few "MUST READ" articles on social engineering.

As another cliché says, experience is the mother of wisdom, and if we have to go by that one, the training methods listed above shouldn't be terribly effective. Indeed, most activities that involve a PowerPoint presentation usually produce more yawns than education, and there's no denying the fact that employees and managers don't always see eye to eye when it comes to what's useful and what isn't.

The upshot is that if people are to know how dangerous social engineering is, they need to see it for themselves. Training them by simulating attacks is the way to go. Better still, if you can hire experts to prepare the simulation, your employees will get a more realistic experience. Don't rely on a single training session, though. Attacks evolve with time, the schemes become more elaborate, and although there are recurring themes, they exploit weaknesses (both human and technological) that haven't been abused before. Keep your employees up-to-date with the latest trends and make sure that they're alert at all times. Last but not least, prepare yourself for the worst.

    1. Control access to the organization's online assets

Even with the best security products in place and with the most knowledgeable employees, you should never assume that the bad guys won't be able to con their way into your company. On the contrary – your best bet is to get used to living with the thought that sooner or later, they will break in. It's up to you to ensure that when they do, they won't be able to walk away with a lot.

You must make sure that the damage is contained as much as possible and the only way to do that is to impose limits on what employees must and mustn't access. To keep the morale up, you should think about what you can do to explain the reasons for your decisions. People must know that a lack of trust has nothing to do with the access limits. If a particular person can't get to a certain piece of information, it's not because they're not good enough to handle it. It's because they don't need it to do their job. Obviously, if a certain type of data is required for the task in hand, it must be available.

This ensures that if things go wrong, as little information as possible is put at risk. Pay particularly close attention to the people who are most likely to be attacked. Managers and C-class employees tend to think that since they are the ones calling the shots, there should be no off-limits zones for them. The reality, as is often the case, is a bit different. Try to explain to them what the repercussions of having unlimited access could be, and make sure that they are aware of what you're doing and why. In the end, it's their call, but you can at least let them know what's best for them.

One more problem modern businesses face is the so-called Bring Your Own Device (or BYOD) policy. The trend of employees using their personal laptops, smartphones, and tablets for work purposes has been particularly strong in recent years. More and more people want to do it, and more and more organizations are starting to allow it, saying that it has obvious productivity gains. Nevertheless, the security risks should be obvious. Try to weigh the advantages and disadvantages carefully, and if you do decide to allow it, make sure that there are strict rules as to what can be used and when. When there is so much at stake, you can never be too careful.

Conclusion

Unfortunately, there isn't (and there never will be) a step-by-step algorithm that can guarantee successful protection against social engineering scams. In fact, the tips we listed above might be nowhere near enough to shield your organization against this kind of activity. They should help you acquire the right mindset, though, which is very important if you want to correctly assess what your company needs.

By Duran
January 3, 2019
Tips
English
January 3, 2019
Tips

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Tips

What You Need to Know About Social Engineering to Protect Your Passwords and Virtual Identity

The term 'social engineering' was born way back in the late 19th century, and it was invented by European industrialists who had some issues with disgruntled employees. Their idea was that just as regular engineers... Read more

September 14, 2018
Tips

Top 7 Tips to Protect Your Cryptocurrency Wallet

Many consider owning cryptocurrency a great investment and the rising numbers of people creating new cryptocurrency wallets do not surprise anymore. For example, according to Statista.com the number of Blockchain... Read more

August 23, 2018
Tips

What Can Banks Do to Protect Data from Future Cyber Attacks

Putting our hard-earned money in the bank is a great idea, isn't it? All of your cash in one place, locked in a vault. You can make all the financial transactions you want with just a payment card. Convenient and also... Read more

November 28, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.