Has your business ever received a phone call asking for information that was a little too personal? Has anyone ever called claiming to be from another department or home office, asking you to do something that is out of the norm? Has your business received an email claiming to be from a reputable source asking for information or to change a password? If so, you may have been a target for a Social Engineering attack.
What is Social Engineering?
Social Engineering is a way that attackers use deception to solicit information such as passwords or Personal Identification Numbers (PINs) from unwitting victims. Even the most technology-focused company can fall victim to these attacks.
Examples of Social Engineering could include:
- a thief calling a help desk pretending to be a user whose password needs to be reset
- someone claiming to be from “Home Office” or another department asking for Gift Cards to be activated
- Phishing attempts: emails that claim to be from a reputable source asking for user information. Typically, these are accompanied by a threat if the user does not comply with the request
It is important to be aware of social engineering because it has been on the rise for years and impacts every industry. From retail to manufacturing, the ploy may be different, but the end goal of the scammer is the same. As with most scams, the culprits are getting more and more sophisticated and are adapting to today’s business environments.
How to Prevent and Prepare for a Social Engineering Attempt:
Since Social Engineering attempts are difficult to predict, the best way to prevent these attacks from impacting your business is to train your team on what to look out for. With an informed, empowered staff, your team will know what to do and feel comfortable handling these situations. If they are unsure, they can reach out to their supervisor for input.
Below are three ways that your business can be prepared for Social Engineering attempts:
1) Educate your team on the Company policy:
Company policy should outline what to do in certain scenarios. Most companies already have a company policy that all employees read and sign at the beginning of their employment. This works as the framework for how an employee should handle all interactions. If an employee chooses to deviate from the outlined protocols, then there may be serious consequences. Also, an employer is able to hold that employee accountable for their actions if the company policy is addressed from the get-go. It is important that employers stress certain details in the company policy.
2) Inform your team about Possible or Previous Social Engineering Attacks:
Most companies have faced some sort of social engineering event in their history. Each staff member should be aware of the attacks pertinent to their role and should learn to keep an eye out for them. The better informed the staff is, the better prepared they will be. This will lead to them being able to quickly identify the social engineering attempt and swiftly handle the situation.
3) Keep an Open-door Policy with your staff:
A team that trusts their leader will be more likely to report anything unusual or ask for help when needed. However, if the team fears repercussions, then they may not report any incidents or will comply with what the caller or emailer is asking for without consulting their superior. Managers and owners of companies need to empower their employees to make educated decisions. Empowered employees are more likely to seek help when needed.
Though Social Engineering may be difficult to spot, training your team and creating an awareness of the issue is a great place to start. With training and supervisor support, your team will be able to spot and handle social engineering attempts. You work hard to build your business; don’t let scammers profit from it!