Click Me! Click Me!
It's the email titled "Please Read: Bonus Update." Who would not want to know more about their bonus? Money is a definite motivator. And so the social engineering attack begins.
Social engineering targets your company's human firewall: your employees. Social engineering is an attempt to steal information by exploiting human error instead of hacking into a system. It takes many forms, including email, social media, phone, and in-person contact. All the effort and resources you commit to cybersecurity, including cybersecurity talent, system hardening, firewalls, multi-factor authentication, least privilege access, VPNs, etc., are ineffective if the employees who have access are susceptible to social engineering attacks.
According to the 2019 Verizon Data Breach Investigations Report (DBIR), there has been a +18-point increase in social engineering breaches between 2013 and 2018. The research shows your users are more susceptible to social attacks on mobile devices; more specifically, email-based spear phishing, spoofing attacks that mimic known webpages, and social media attacks. The mobile form factor makes a device convenient to carry around, but the limited screen size can make it difficult to check the validity of emails and requests. Additionally, phishing and credential theft involving cloud-based email are also on the rise. How do you help your team protect themselves?
Strengthen the "Human Firewall" At Your Organization
Hackers prey on our most basic human instincts, such as trust and curiosity, and use social engineering techniques to steal passwords, money, and other sensitive data. The best defense against social engineering is to educate your employees so they recognize a social engineering hustle. The "human firewall" is the human layer of security protection that follows cybersecurity best practices.
Begin with Security Awareness Training
An untrained employee is a huge security threat to your organization. Due to the high success rate of social engineering attacks, educating your employees about the common tactics of social engineering should be a mandatory first step. The training should "make it real" by including storytelling and videos of social engineering in action, with a mix of both human and technology-based threats.
Sometimes our employees make mistakes (they are human after all). Additional tools should be implemented to thwart attacks. A layered approach to cybersecurity can help protect your organization from outside threats:
- Anti-Virus/Anti-Phishing Defense: Use a multi-layered approach to protect your employees from social engineering by securing email gateways and running antivirus software on desktop and mobile devices. These tools can often stop a hacking attempt by quarantining it.
- Password Management: All organizations that take cybersecurity seriously must document recommendations on how to securely maintain and manage passwords. The policy should include a definition of a strong password along with guidelines for storage. Advise your workforce not to share passwords with anyone for any reason. Include password management in an annual required training; it's not enough to create a policy. You need to ensure employees are aware of the policy and understand that following it is a must.
- Two-Factor Authentication: Use more than one factor for authentication. A password is one example of an authentication factor. If a social engineering attack succeeds in getting a password, multi-factor authentication can make all the difference in whether the attacker gets access to your business resources. A second factor, either hardware or app-based, is recommended; these are physical items the would-be hacker should not have access to, which mitigates the threat.