Social Engineering: sounds like something out of a sci-fi movie with Tom Cruise, doesn’t it? Unfortunately it’s not; it’s something real. Social engineering, in the context of security, means the art of manipulating people into sharing personal or confidential information. Employed online, it’s essentially about eavesdropping, exploited through Trojans, viruses and so on.
If you’re into internet security and up to date on your online scams, you have probably invested in some state-of-the-art software security suite like BullGuard Internet Security. What you don’t know is that a social engineering attack could sneak past all of those technological defences you’ve invested in.
How? Social engineers don’t just operate on the world wide web; they’re out there in the big bad world planning their corruption as well. What you think might be fire inspectors conducting a walk-through at your office may actually be cybercriminals exploring access points to your business’ private information. Surely, you’d think you wouldn’t fall for that. In fact, chances are you might. To help you recognize them, we’ve gathered a few key tricks we know social engineers use to gain access to things they shouldn’t be given access to.
- They do their research
By the time a social engineer comes to your door, you can pretty much guarantee he knows exactly what he’s walking into. He’s been conducting research on your company for months and knows everything from the names of specific employees off LinkedIn to the organisational chart.
- One piece of info is all they need
Relying on the snowball effect, he is able to gain access to more information by simply calling your secretary and pretending to be a publicist, or sharing the one piece of information he knows. Even just by using company lingo on the phone, he begins to sound like an insider, and someone that can be trusted with the information he is asking for.
How many times have you heard “Can you hold the door for me?” or “I left my access card inside”? And how many times have you obliged? Even if you’ve never seen that person before, you assume they work in your building. But that individual could have been a social engineer loitering outside your building, waiting for the opportunity to gain access. Most people won’t ask others to show proof that they have permission to be there, and social engineers rely on this human trait.
So aside from being rude to other people that work in your building and have forgotten their keys and aren’t social engineers, what can you do to avoid becoming a victim of a social engineering attack at work?
- Implement a clean desk policy to ensure that sensitive material isn’t left lying around for prying eyes.
- Set up a coffee morning for your security team to meet your fellow employees and set up a line of communication between the two. Establishing a relationship between employees and security will encourage employees to speak up sooner, should they see something or someone suspicious.
- Organise a training program. Work with your HR department to hire an outside source; just make sure they’re not social engineers!
- Keep employees engaged. A security aware culture will help to keep everyone safe, not just your sensitive business information.
Firewalls and security software suites won’t do much when you’re tricked into letting strangers access your building; that part is up to you. But they are a good investment to ensure your computer and its content remain for your eyes only. BullGuard Internet Security comes with antivirus, safe browsing, a spam filter and more to protect you from all online threats. While we promise you award-winning protection, it’s up to you who you let into your business or your home.