Many businesses fail to realize that network security is about more than protecting your digital realm with advanced software and a dedicated IT company. Nowadays, protecting your network also depends on your human capital.
Do your employees know how to protect your network and all the data within it? Can your coworkers spot a malicious email or link before clicking on it? Do your staff members know how to secure your digital information from social exploits by sophisticated hackers?
A London news outlet reported on a social engineering survey conducted back in 2003. The article discussed how workers were prepared to exchange their password for a free pen, and how many of these workers nonchalantly explained the origin of their password. What made this worse was that many of these passwords fell into easy-to-guess categories such as their name or favorite football team.
While this survey was conducted nearly a decade ago, not much has changed. According to a report released by Verizon this year, 23% of all people open phishing messages. Social-engineer.org claims that social engineering is used in over 66% of attacks, and that 67% of the people they interact with will give out their personal information, no questions asked.
But what is social engineering? Social engineering is a tactic hackers use to extract information from people. These attempts range from very general situations to extremely targeted approaches. From emails and phone calls to in-person meetings, hackers employ a variety of social avenues to extract the information they need. The bottom line? To get business workers and everyday people to break standard security procedures.
What do these attempts look like? Most often, they come in the form of phishing emails, which many people are familiar with. But as mentioned previously, 23% of all phishing recipients still open these emails. Phishing emails contain malicious links and downloads and are intended to steal data and corrupt your system. These emails may even ask you to respond with personal information to assist in an “urgent” matter, and too many people will comply.
Hackers will go as far as to pick up the phone or travel to your place of employment. When this happens, you better believe they’ve done their research, and there are a few different methods hackers can use to trick you into breaking standard security protocols.
If you’ve ever worked in a building with a keyed entrance or lived in a gated community, have you ever let someone follow you in? Maybe even held the door open for them and allowed them to go in before you? This is social engineering. Once they’re inside, they’re good to go.
But it doesn’t stop there. They’ll ease their way in through social graces. All it takes is a few compliments and the right string of words to get people to let down their guards and release information they shouldn’t. On the other end of the spectrum, if you’re stuck in an uncomfortable situation where people are acting angry or hostile towards you or your coworkers, you may just say, “Sure, fine” to avoid feeling more discomfort.
So how do you avoid giving away the right information to the wrong person? Simple. You stay aware and skeptical. Always be aware of your environment and be suspicious of every unusual email you receive. If ever you’re concerned, hang up the phone or delete the email. Contact the source directly and never allow anyone to mislead you.