It's probably no surprise that hackers are improving techniques for cyber attacks against businesses of all sizes. As businesses make strides in protecting information, hackers have found additional ways to infiltrate businesses. One of those methods is social engineering.
by James West in Business Insurance on Wednesday, February 17, 2016
The United States Computer Emergency Readiness Team explains that social engineering attacks involve attackers using “human interaction (social skills) to obtain or compromise information about an organization or its computer systems.” In this type of attack, hackers typically take on a fraudulent identity to gain access to sensitive material from unsuspecting employees. Rather than tricking a computer, hackers trick employees into believing the attacker is a trustworthy source.
In a social engineering attack, hackers will often take advantage of company and personal information in order to appear legitimate. Through various online sources, such as company websites or social media channels, hackers can obtain information about top executives and employees that greatly aids in convincing targets of the identity they have taken on.
Through such methods, hackers are often able to gain an employee's trust, allowing them to collect sensitive business information or to ask for money.
It is not uncommon for hackers to request money through a wire transfer in social engineering attacks. In this case, the hacker will often be posing as a top company official with whom you typically do business. Requests often seem so official and realistic that employees do not notice they are being targeted.
While social engineering attacks are an increasing threat, there are measures you can implement to help safeguard your business. Here are a few tips to help prevent a social engineering attack at your practice:
- Hold regular cyber education classes to keep employees up to date on the various attacks they could face. Use this opportunity to remind employees of the precautions they should take when they encounter suspicious activity.
- Encourage employees to be aware of suspicious phone calls or emails and to report any suspicious activity to the appropriate personnel within your organization.
- Implement a policy to verify the identity of wire transfer recipients. This policy could include methods such as a callback procedure for monetary requests as well as verifying money transfers with others in the company prior to transferring funds.
- Do not provide personal or company information until you have verified the identity of a caller or emailer.
- Ensure you are using the proper security precautions offered by your bank or financial institution.
When it comes to cyber and data security, awareness is a key element of protection. Always remain aware of the various ways your business could be at risk of a cyber attack and the protections you can implement to help minimize that risk.