You can have top-notch security in place in your business, but there is still one danger – ‘social engineering’. Most people have never heard of it, but perhaps the more familiar term is ‘con’: the art of manipulating people to take certain actions or divulge private information.
Social engineers are a special type of hacker who skip the hassle of writing code and go straight for the weakest link in your security defences – people. A phone call, a cheap disguise or a casual email may be all it takes to gain access, even when solid tech protections are in place.
Here are just a few examples of how social engineers work:
Pretending to be a co-worker or customer who ‘just quickly’ needs a certain piece of information. It could be a shipping address, login, contact or personal detail that they pretend they already know, but simply don’t have in front of them. The email may even tell you where to get the data from.
The hacker may also create a sense of urgency or indicate fear that they’ll get in trouble without this information. Your employee is naturally inclined to help and quickly sends a reply.
Posing as IT support, a government official or a customer, the hacker plausibly and quickly manipulates someone into changing a password or giving out information. These attacks are harder to identify and the hacker can be very persuasive, even using background sound effects like a crying baby or call-centre noise to trigger empathy or trust.
A delivery man in uniform gets past most people without question, as does a repairman. The social engineer can then quickly move into areas of your business that may have sensitive information. Once inside, they essentially become invisible, free to install network listening software or devices, read a note with a password on it, or tamper with your business in other ways.
For example, if your Wi-Fi code is visible (and we see this all the time on ‘post-it’ notes and written signs) then the hacker can get access to your network simply by sitting in a car outside your building and connecting to your network with that password.
Then, with the right knowledge and software, they can cause all sorts of issues.
It’s impossible to predict when and where (or how) a social engineer will strike. The above attacks aren’t particularly sophisticated, but they are extremely effective. Staff naturally try to be helpful, but this can also be a weakness.
This doesn’t just happen in businesses either – remember that there are regular reports of people being conned by plausible-sounding phone calls out of the blue, from people pretending to be from their broadband company or Microsoft – just wanting to get connected to their computer.
So what can you do to protect your business? First, recognize that not all of your employees have the same level of interaction with people: the front desk clerk taking calls all day would be at higher risk than the factory worker, for example.
We recommend that there should be awareness of the possibility of a security breach – you don’t need formal cyber-security training for each member of staff but the level of risk needs to be identified, focusing on the types of scenarios staff might find themselves in.
Social engineering is too dangerous to take lightly, and unfortunately far too common.
Talk to us about your cyber security options today. Call us at 01455 209505.