Many successful cyber hacks against businesses today begin with the simplest of characters: the con artist. A popular plot idea for movies and novels in years past, the con artist is still alive and well today. But instead of fake business deals or Ponzi schemes (those still happen BTW), many con artists now leverage social engineering. All such cons start by building trust, and your business may already be compromised.
When business owners consider cybersecurity issues, many picture intricate attacks that infiltrate networks and cause millions of dollars in damage. However, social engineering attacks, though just as dangerous, are quiet cyber actions that victims unknowingly welcome into their IT infrastructure. Instead of forcing an entry, the hacker uses trickery to be welcomed in.
Social engineering is the act of preying on human psychology and trust to gain access to buildings, systems, financial information, or sensitive data. Even businesses with the best security for their computer systems, networks, and office space can still open the door to social engineering attacks.
Social Engineering Examples
Common Types of Social Engineering Attacks
Verizon reported that in 2019, 33 percent of all data breaches included social attacks. To prevent them, it helps to understand the main types. Here’s a better look at social engineering attacks and how to prevent them.
Phishing is the most common type of social engineering attack. It is an email or other communication that appears legitimate, but instead is secretly trying to steal information. Hackers disguise these communications as being from someone at a company, typically a management-level individual, and trick the victim into clicking on a link that will route them to an unsecured site. From there, the hackers either capture user information such as passwords and bank account info, or they download malware onto the victim’s computer.
Pretexting relies on establishing a false circumstance for contacting an employee. For instance, a scammer may pose as an existing supplier that needs to verify financial routing information. These attacks seem to be legitimate correspondence and the imposter can pose as a banker, supplier, client, vendor, or even an employee.
These attacks offer the victim a deal they can’t pass up. An employee may receive an attractive promotional email or a USB flash drive by standard mail. The item promises something of benefit, such as a gift card or discount at a restaurant, but in reality, the employee downloads malware to their computer.
How To Limit Attacks
Take a few steps to limit exposure to these risks and boost awareness among employees.
- Use Technology to Your Advantage: Security technology can limit exposure to these attacks. Companies should invest in updated antivirus, antimalware, and security software and hardware to prevent intrusions. For example, email filtering software can identify and remove known phishing attacks before they land in an employee’s inbox.
- Keep Education a Priority: Continually educate employees about social engineering. Services exist to build resistance by training employees to recognize these attacks. Social engineering relies on naivety or trickery. Security education trains employees to understand common tactics and strategies used by hackers and enables them to recognize a fraudulent message or offer.
- Limit Access to Sensitive Information: Information that is not known or cannot be accessed cannot be compromised. Many social engineering attacks rely on using small bits of sensitive information in the first place. Therefore, regularly shred company records that include sensitive information, including employee data. The same need exists to purge outdated digital records. Establish protocols to manage digital information and allow access to it on a need-to-know basis.
- Seek Out Vulnerabilities: After complying with the above, conduct regular tests to gauge employee preparedness to handle social engineering attacks. These tests will help identify gaps in security policies as well as provide additional training opportunities.
Clients, download our 45-page cyber security planning guide from your MyWave portal. Simply log in to MyWave and type “cyber security planning guide” into the search bar. It will be the first document to show up. However, take time to browse the hundreds of other cyber security documents and resources available as you see fit.
Don’t have access to MyWave yet? Request Access
Contact your Bankers Insurance agent regarding questions on further securing your risk against social engineering attacks through cyber liability insurance. Not a client of ours? Let us earn your business! Each client is assigned a personal agent in our office and provided a phone number that rings right on their desk.
Cyber Liability Insurance Quote