How to Prevent Social Engineering Attacks

By Denise | October 20, 2016

You can defend your data with all the latest and best technology. But if just one team member gets tricked into giving away the keys to the castle, it’s game over. Hackers know this. And that’s why so many use phishing / social engineering to break in.

And it’s not just the big companies you hear about on the news. In June of 2016, it was reported that the Concord, NH school district suffered a major data breach because a cyber criminal masqueraded as the school superintendent requesting information. The attacker succeeded in obtaining names, addresses, and Social Security numbers, as well as additional tax and contribution fund information.

In a 2016 survey, the APWG (Anti-Phishing Working Group) reported the total number of unique phishing sites observed in the second quarter of 2016 was 466,065. This was 61% higher than Q4 of 2015! Cyber criminals are getting bolder and more daring.

Unfortunately, there just aren’t any whiz-bang tricks or tools that will automatically prevent a clever “social engineer” (SE) from breaking in. The key to protection is awareness training for your employees, so you can stay vigilant. To help you know what to watch for, here are five common ploys – and how to deflect them:

Familiarity – In this type of scheme, the hacker becomes familiar to an employee. Social networking sites can reveal an employee’s schedule and favorite hangouts. The hacker might then frequent the same bar or restaurant. After a drink or two, some key fact may slip out… The best way to bust this ploy is to be careful to not get lulled into a false sense of security around people you haven’t thoroughly vetted.

The Consultant – A social engineer poses as a consultant for hire. Once they get the gig, they can scoop up all the info they need from you and your team because of their seeming authority. Watch for this especially with IT consultants. Do NOT trust blindly. Vet every consultant, and never give all the keys to the kingdom. Just because someone has the skills to fix your server or network doesn’t mean they won’t steal your data. Vet thoroughly, and, as Ronald Reagan said, “trust but verify.”

Piggybacking – The SE waits by a secured door for someone to use their passcode and enters right behind them. Or the SE struggles with a heavy box and asks a legit employee to hold the door open for them. Being kind and helpful, the employee helps the SE right into the building… free to do as they please. To foil this one, never forget the dangers of allowing a stranger in without proper clearance.

The Interview – Key information often escapes during interviews. A smart social engineer will gain an interview and deftly pick up all the information they need to hack into your network. Make sure any data provided during an interview offers nothing in the way of secrets. Keep the conversation light, or even superficial to avoid leaking critical data.

Angry Man – You may have seen this on TV… Somebody has an angry tone on the phone, or is grumbling to themselves as if they’ve just had an argument. We all tend to avoid people like that. Enough people avoid them and the way is cleared into the heart of the company – and your data. Don’t go along with it. When you see this exploit unfolding, call security.

The key to preventing social engineering attacks is a well-trained workforce. You and your people may be your company’s greatest asset. Yet without regular, proper training, human beings can be the weakest link in your company’s data defenses.

Here’s how to protect your network from a costly cyber attack

As a fellow business owner in the New England area, I’d like you to take advantage of our extensive research and experience in protecting data networks for small and medium companies. Our business owner’s guide, “The Top 10 Ways Hackers Get Around Your Firewall And Anti-Virus To Rob You Blind” steps you through 10 ways to protect your company from the coming deluge of cyber attacks we can expect over the years to come.

Contact us today by filling out the form below, or call us at 603-869-7323 to get your FREE copy. We’ve still got a few of the hard copy versions and I’d like to send one to you, so contact us now while they’re still available. I look forward to sending you this valuable guide right away.
