Social Engineering Techniques and Ways to Protect Your Network
Bad news. Many businesses fail to realize that network security is about more than just protecting your digital realm with advanced software and a dedicated IT company. Nowadays, protecting your network depends on your human capital as well.
Do your employees know how to protect your network and all the data within it? Can your coworkers spot a malicious email or link before clicking on it? Do your staff members know how to secure your digital information from social exploits by sophisticated hackers?
A London news outlet reported on a survey about social engineering conducted back in 2003. Yes, it was a while ago, but the results are still shocking today and still represent a very real threat to our network security.
The article discussed how workers were prepared to exchange their password for a free pen, and many of these workers nonchalantly communicated the origin of their password. What made this worse was that many of these passwords fell into easy-to-guess categories such as their name or favorite football team.
While this survey was conducted over a decade ago, not much has changed. According to a report released by Verizon a few years ago, 23% of all people open phishing messages. Social-engineer.org claims that social engineering is used in over 66% of attacks, and 67% of the people they interact with will give out their personal information, no questions asked.
So what exactly is social engineering? Social engineering is a tactic hackers use to extract information from people. These attempts can range from very general situations to an extremely targeted approach.
From emails and phone calls to in-person meetings, hackers employ a variety of social avenues to extract the information they need. Their goal? To get employees and everyday people to break standard security procedures and expose their company's network protection.
What do these attempts look like? Most often, these attempts will come to people in the form of phishing emails, which many people are familiar with. But as mentioned previously, 23% of all phishing recipients still open these emails.
Phishing emails contain malicious links or downloads and are intended to steal data and corrupt your system with tools such as malware. These emails may even ask you to respond with personal information to assist in an “urgent” matter, and too many people will comply.
Hackers will go as far as to pick up the phone or travel to your place of employment. When this happens, you better believe they’ve done their research, and there are a few different methods hackers can use to trick you into breaking standard security protocols.
If you’ve ever worked in a building with a keyed entrance or lived in a gated community, have you ever let someone follow you through the door? Maybe even held the door open for them and allowed them to go in before you, because you are such a polite person? This is what social engineers do. Once they’re inside, they’re good to go.
But it doesn’t stop there. They’ll ease their way in through social graces. All it takes is a few compliments and the right string of words to get people to let down their guards and release information they shouldn’t. On the other end of the spectrum, if you’re stuck in an uncomfortable situation where people are acting angry or hostile towards you or your coworkers, you may just say, “Sure, fine,” to avoid feeling more discomfort.
So how do you avoid giving away the right information to the wrong person? Simple. You stay aware and skeptical. Always be aware of your environment and be suspicious of every unusual email you receive. If ever you’re concerned, hang up the phone or delete the email. Contact the source directly, never allow anyone to mislead you, and never give up identifiable information about yourself or your company.
If you’re an employee, stay vigilant; it only takes one person to let in an unwanted guest. If you’re an owner, make sure to take the time to educate your employees on the dangers of social engineering and how easy it is for hackers to take sensitive data, or better yet, invest in managed IT services to eliminate the headache.
Although this does not guarantee that you will never have a data breach, the best network protection is knowledge, so stay on top of it!
Posted by Erica Kastner
Erica Kastner is a lead Marketing Specialist at Standard Office Systems as well as a University of Georgia graduate. She aims to use her passion for problem-solving to help businesses understand how to better leverage their network infrastructure.