When you think of a cyber attack, social engineering doesn’t jump to the top of concerns. But it’s a genuine threat, and it’s one you need to take seriously. Even the best network security precautions may not stop a social engineer from gaining valuable information about your business. Your employees are the front line of defense against social engineering, and they need to be aware of what to look for.
Why Social Engineering Works
Ask anyone about what they think of cyber attacks and most will think of hacking or cracking through complex network security to steal information. Social engineering doesn’t work like most cyber attacks. Instead of being a forced attack against the network, social engineering extracts information from the company’s employees. By appearing to be someone trustworthy, the cybercriminal, or social engineer, can lure the employee into providing sensitive information.
Not appearing like the typical cyber attack is what makes social engineering so successful. It’s a level of sophistication not expected from a cybercriminal that makes the employee put their guard down. An attack like social engineering is more than just emailing or calling an employee and having them tell you company information. It takes a social engineer a considerable amount of planning and company information to pull off the attack. Information that is available online for anyone to find, if they know where to look.
Public information about your company is available from a variety of places. This makes the social engineer’s job a whole lot easier.
Sample Information Gathered for Social Engineering
It’s just come to be a fact that there is a lot of your company’s information online, it’s what you don’t realize is readily available that can be alarming. The following list is information that a social engineer can easily find online. This list is not comprehensive but gives you an idea of what you need to be aware is available.
Knowing what kind of technology is used by a company is incredibly valuable to a social engineer, and they are easy for them to find. When your company is looking to hire someone, it’s common to mention what technology they will be working with. This information allows you to get the right candidate. It also gives the cybercriminal a peek behind the curtain. It’s not just job postings that give the information away. A seemingly innocent picture posted on the company’s social media could have network hardware or sensitive information in full view.
While we’re talking about social media, it’s important to make sure that company information isn’t put online through oversharing. This could be the company or an employee’s social media account. You will need to take extra care when sharing posts or images online. Without knowing it, you could give out information on a screen or the model of computers used in the office. Any little piece of information could be the key to unlock your company’s data for a social engineer.
You should implement a social media policy for your employees when it comes to company information. Sharing work schedules or work experience could put your entire security at risk.
You can be as cautious as you can with postings and what you share on social media, but there will always be something out of your control. Other companies or vendors you are in business with may share their experience working with you to show their value to other companies. Even janitorial services and trash pickup providers could put you at risk if there is any vital information taken and not disposed of properly.
The information above shouldn’t scare you from putting up job postings or sharing things online, but it will give you a better idea of how to look at what you share. And provide examples to employees on what to look out for regarding a social engineering threat.
Your entire company needs to work together to fight off threats to your network security. Having the latest in network security, like firewalls, antivirus software, and authentication measures, are essential to keeping your company’s information safe.
To learn more about keeping your company’s information and network safe, call IT Support Guys at 855-4IT-GUYS (855-448-4897).