When we think of cybercrime, hackers, and criminals, we like to think of bad people we can easily pick out from the crowd. They stand out in their behavior. We have what it takes to see through their charms.
In reality, that’s where most of us fail. Social engineering isn’t widely discussed or well known because defending against it isn’t about installing the newest technology or securing your password credentials. The only way to protect against social engineering is to educate your employees.
That’s because social engineers are perfect criminals. They exploit workers to gain access to data or sensitive areas of your practice. Once in, they take what they want and go as deep as they possibly can.
Who Are Social Engineers?
Social engineers aren’t wallflowers, introverts, or tech nerds who love hiding out. Instead, they have vibrant personalities that like to be seen. They are experts at flirting, love sucking up to whoever will listen, and won’t shy away from intimidation.
They do enough research to find a way in. Then, the game begins. They send emails, call over the phone, or meet in person. They turn on their wit and charm and launch the attack.
They don’t stop at the front desk; they walk in like they own the place. They don’t lurk around corners; they take up space in the hallways. You know they’re there. (That’s part of their charm!)
They might be fake nurses, roaming the halls in scrubs to fit in. Nobody thinks twice about them whipping out their phones to text … even if they’re snapping photos of sticky notes with passwords on them, or of patient files.
Or maybe they pose as a new hire. With so many new hires going through your facility, do you have a protocol for alerting other team members to who’s new? If not, social engineers might be able to say, “Hi, I’m new,” and shadow employees all day.
Common Social Engineering Examples
If the above examples sound far-fetched, they aren’t. Social engineers are willing to try anything. Of course, for many of their tactics, they don’t even have to leave their desks.
They can go phishing, sending emails, ads, or links to websites that look like they come from reliable sources. All it takes is a click.
They can try vishing, where they make phone calls or leave voicemails trying to convince people to reveal personal information.
Or maybe baiting will work. They make a false promise or offer a prize to pull people into a trap to gain the information they want.
Honey trapping works well, too: they create fake profiles to connect with victims. With a relationship built, they can extract any information they desire.
See all the possibilities? So do social engineers. They’re so confident in what they do, they’re willing to try anything. According to Cisco, 90 percent of all attacks start with a simple phishing email.
The Key Is Training
Hopefully the takeaway here is that your employees are your weakest link. They’re vulnerable. And they are almost always at the heart of an attack.
Making your work site a little less vulnerable means properly training your employees over and over again.
Start by rethinking training. Chances are they went through a training program when they were hired. Maybe you have a mandatory training session each year. It’s not enough. Repetition is what gets through and reminds them of what’s at stake. Make it fun. Make it regular. And make sure they’re trained.
Security should also be a part of the company culture. Employees mirror what they see others doing. It starts at the top, and it weaves its way through everyone on staff. Don’t take shortcuts because you “get it.” Shortcuts tend to spread.
Haven’t done a deep dive into your security policies? It’s time to tighten them up. Social engineers are experts at finding weaknesses, so find ways to fill yours with policies. Have protocols for every security issue. Test employees, so they know what to do. Not sure where your weaknesses are? This is where you start.
Sometimes, what you don’t know can hurt you. Maybe today is the day you reach out and discover more. And stop social engineering before it occurs.
For IT Strategy, Cloud Conversion, or Help Desk Services, reach out to us at Silver Linings Technology: 360-450-4759.