When it comes to protecting your business from most types of hacking, the best defense is...
Social Engineering tactics are hard to counter as they are constantly evolving in their ingenuity and they prey on human characteristics like respect for authority, desire to help and curiosity to name a few. However, there are a number of ways your organization and employees can defend against social engineering.
Below are six key ways to prevent social engineering attacks:
Check the source
When you receive a communication make sure you cross-check the source to ensure that who you are communicating with is in fact who he/she claims to be. If a request in an email looks to be suspicious or out of the ordinary, double-check the email address and if it is someone who you have communicated with in the past, cross-check the address with valid emails received from the same sender.
If you receive a call from an individual claiming to be an employee from an organization, and he or she asks for sensitive information, don’t feel obligated to take their credentials at face value, you can look up the official number for the organization they claim to be calling from and confirm if the request is genuine or not.
Knowledge is power
It is vital to ask yourself if the source of any communication you receive has the information you would expect them to have, such as your full name, date of birth or address. For instance, a lot of these social engineering tactics take the approach of masquerading as an authoritative figure like an employee from a bank or government institution, but when making requests they fail to have any of your information and do not follow any protocol like an actual bank or government employee would e.g. asking security questions before making any privileged changes to your account. Therefore familiarising yourself with how actual bank and government employees communicate can help you identify social engineering attempts.
Slow it down
Attackers who use social engineering tactics rely on an element of urgency to manipulate their target. Their requests will usually be accompanied with a warning of a consequence that will occur if you fail to meet their requests by a certain time. Attackers add this element of urgency to their messaging to make sure their victims don’t take the time to think through their requests, therefore it is vital that whenever you receive an email with a suspicious request, you take the time and do your due diligence to make sure you aren’t falling for a social engineering tactic.
Lock Down Your Cybersecurity & Compliance
Protect, Certify & Grow Your Business
StickmanCyber can help your business implement regular security training and awareness programs to make sure your employees know how to identify and prevent social engineering attacks.
Privacy, privacy, privacy!
A key to any successful social engineering attack is good research, attackers will comb the internet for any information they can get a hold of regarding their victim. This information will be used by the attacker to strengthen their attack, for instance, they may look at your social media for any personal details that may help them create a convincing character or story to manipulate their victims.
Therefore, it is crucial that you are careful about what you share online and who can see your online profiles. Having good privacy settings on your social media is vital, also ensure that the information you share online like an online resume has the appropriate information on it, for example, including email addresses, mobile numbers or your date of birth in your online resume is just more information for an attacker to use against you in their social engineering tactics.
Is this realistic?
Always question if a scenario or request is realistic, attackers rely on their victims to not be thinking analytically when receiving their communications.
- Will a friend or family member really request money or help via email?
- Will a famous celebrity really contact you for financial support?
- How realistic is it that your boss or manager will request for gift card payments?
Taking the time to assess if a request is realistic can derail any social engineering attack targeted at you.
The best way to avoid falling prey to social engineering attacks is to stay ahead of hackers. To do this individuals need to familiarise themselves with common types of social engineering attacks and how attackers behave. By doing so, you can get better at identifying social engineering attempts that get past your initial defences like your spam filter on your email
Reducing the Impact of Social Engineering Attacks
Apart from these, there are also a few ways to secure your devices in the event that an attacker successfully breaches your defences:
- Ensure your Anti-Malware and Anti-Virus software is up to date - doing this can help defend your computer against malware from phishing attacks
- Patch your security regularly - make sure that your software and firmware are up to date, especially by installing security patches.
- Don’t run your devices in administrator mode - even if attackers were to get access to your devices, they won’t have administrator privileges.
- Different passwords for different accounts - make sure that you don’t use the same password for all accounts, that way if an attacker manages to learn one of your passwords his/her access is limited to one account.
- Additional security measures - Other than a complex password, make sure you are using two-factor authentication for your accounts.
- Stay informed - Cybersecurity risks are constantly evolving, and it is vital that you keep yourself up to date with any new cyber threats.
- Change passwords - change your passwords on a regular basis and especially if you think someone may have gotten access to your password.
In conclusion, as attackers are getting more and more ingenious in their methods of deception it is vital that you put the above six methods into practice. It is important to note that there is no quick fix for information security, it involves a number of methods and continued effort, and security practices need to be continuously evaluated, improved and kept up to date. Successful social engineering attacks can have massive impacts on your welfare and the welfare of the organization you are working for, so it is important to stay vigilant.
StickmanCyber's team is equipped to help your employees recognise such attempts, and prevent social engineering attacks.
The First Step is Crucial. Start with a Cybersecurity Assessment
Where are you at your cybersecurity maturity journey? Get an assessment of your current security posture and identify the gaps and challenges that you need to act upon.