5 Social Engineering Strategies That Threaten Your Company
February 16, 2017
Regardless of how much your company may have invested in its cyber security, there will always be one glaring vulnerability—the people that work there. Instead of using sophisticated and malicious computer codes, cyber criminals employ social engineering strategies to gain access to your company’s confidential information. These strategies are meant to persuade, trick, blackmail, threaten, or deceive you and your employees in order to help cyber criminals carry out their crimes. What’s more, is that a recent study published by the Federation of Small Businesses found that 66 per cent of its members were victims of cyber attacks within the past two years—and that 86 per cent of these attacks were social engineering scams.
To help your company identify these types of attacks, be on the lookout for the five most common social engineering strategies:
- Phishing is when emails are sent from an allegedly trusted source—such as your bank—and ask for sensitive information, such as your password(s).
- Spear phishing is a specialised attack on a specific person—such as someone in the accounting department at your company.
- Physical baiting is when a criminal leaves a piece of hardware—such as a USB stick or CD—that has been infected with malware at the office in hopes that someone will load it into an office computer.
- Pretexting occurs when an attacker poses as someone within your company—such as a senior IT manager—or someone your company regularly does business with—like a supplier—and creates false, urgent circumstances to compel an individual to provide sensitive information.
- CEO fraud is when a criminal poses as the CEO or another senior member of your company in order to pressure someone that is able to initiate payments to transfer money to a specific bank account.
Protecting against social engineering strategies is simple as long as you implement the following strategies:
- Establish a process for requesting and authorising payments that requires two points of contact.
- Organise a procedure for what employees should do if they receive an unusual or suspicious email.
- Provide your entire staff—from the directors and officers all the way down to the interns—with comprehensive cyber security training to ensure that they know how to identify and manage cyber security threats.
Risk management alone is no match for today’s sophisticated cyber criminals. To ensure your company stays protected, pair your cyber security efforts with a comprehensive cyber insurance policy.