Safeguarding Your Corporate Environment from Social Engineering
Social engineering strategies are schemes used to exploit the human vulnerability factor, the weakest link in an organization, to gain access to sensitive data.
Technology on a global scale is getting smarter by the day. Breaching systems, networks and devices is no longer as easy as it was many years ago. The majority of manufacturers ship devices that are considered secure out of the box, operating system manufacturers actively discourage insecure practices such as blank passwords, and online services have raised the bar to enhance security on their platforms.
However, the lack of the right tools and the failure to train employees on their role in information security are why hackers keep devising new ways to carry out their attacks. Very often these unscrupulous individuals and groups concoct ingenious social engineering strategies to gain unauthorized access, which they use for monetary benefit.
No organisation can truly afford a data breach. Here are some useful tips to secure yourself and your organization from social engineering hacking attempts.
Be Informed
After buying various hardware and software firewalls to protect your devices and corporate network from hackers, it is important to close the human loophole as well. A single flaw or mistake by an individual can render an enterprise firewall useless and open an avenue for hackers to gain easy access. The most exploited forms of social engineering are phishing and spear phishing attacks. The antidote to this human loophole is information. Individuals should be informed about social engineering tricks, and corporations should organize training programs to help their staff recognize these ploys so they don’t fall victim.
Limit the Information You Divulge on Social Media
These days, everybody and their pet are on social media. Unfortunately, social media has become an open book where many people write the stories of their lives. Simply looking at the timeline of such a person can enable a hacker to impersonate them. Social media is great; use it to socialize, not to post your demographic information to the public. If your full name, date of birth, phone numbers, email addresses and names of family members are online, you are already divulging too much information.
Use of Technology
Use the Latest Software
Research has shown that some of the information hackers seek in order to gain unauthorized access to victims’ devices is of no value to them if those devices are up to date with all security patches installed. It is best to set your operating systems and software to download and install updates automatically so they are up to date at all times.
Flag emails from new people
Humans are naturally curious and tend to click on links and emails sent to them without thinking much about security. Be careful before taking any action when you receive an email from a sender for the first time. Whether the email is in the spam folder or your inbox, do not click on links indiscriminately. When the link is a shortened URL, do not click at all. Be doubly cautious if the link takes you to another website that asks for your personal information in exchange for some free stuff. Do not offer any details you would not give to a real-life stranger on the street!
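The checks described above (first-time sender, presence of a link, shortened URL) can be automated at the mailbox level. The following is an added example, not part of the original article; the function name, flag names, shortener list and sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed, non-exhaustive list of URL-shortener hosts (illustrative only).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def triage(raw_message, known_senders):
    """Return the sender, the links found and the caution flags for one message.

    known_senders is a set of lower-case addresses seen before (an assumption:
    in practice it would come from the mailbox history or address book).
    """
    msg = message_from_string(raw_message, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    # Collect text from every text/* part so HTML-only mail is covered too.
    text = "\n".join(part.get_content() for part in msg.walk()
                     if part.get_content_maintype() == "text")
    links = URL_RE.findall(text)
    hosts = {(urlsplit(u).hostname or "").lower().removeprefix("www.") for u in links}
    flags = []
    if sender not in known_senders:
        flags.append("first_time_sender")
    if links:
        flags.append("contains_link")
    if hosts & SHORTENERS:
        flags.append("shortened_url")
    return {"sender": sender, "links": links, "flags": flags}

# Constructed sample messages (not real mail).
SAMPLE_UNKNOWN = """From: "Prize Desk" <promo@example.net>
To: staff@example.com
Subject: Claim your free gift

Confirm your details here: https://bit.ly/3xAmPlE
"""
SAMPLE_KNOWN = """From: Colleague <colleague@example.com>
To: staff@example.com
Subject: Lunch

See you at noon.
"""

if __name__ == "__main__":
    known = {"colleague@example.com"}
    for sample in (SAMPLE_UNKNOWN, SAMPLE_KNOWN):
        print(triage(sample, known))
```

A message that carries all three flags is the case the advice above says never to click through.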
Don’t answer out-of-place questions
Hackers like to communicate with less knowledgeable people who may not be aware of the sensitivity of the information they are divulging. When you receive calls asking for information that is not within your prerogative, forward such questions to the right person. Moreover, if the question seems unnecessary or you are confused, hold on and call your organisation.
Implement security procedures
Password management guidelines, such as how often a password should be changed and the length and characters of a password, must be implemented. Use of multi-factor authentication and anti-virus and spam filters can minimize the threat of phishing and other social engineering attacks on an enterprise. It is important to secure physical access to sensitive assets as well as monitor employee and visitor movement by making use of ID cards, CCTV monitoring, biometrics, and passwords.
Implement security policies
Information leakage occurs due to the human vulnerability factor. To avoid data leakage and theft, security policies such as sensitive information classification, management, and destruction policies should be maintained for all departments, including management and IT. Confidential and sensitive information is shared between employees and businesses on a regular basis. Before information is shared, the sender must verify the identity and authorization of the receiver as well as the need for the information requested. Employees should be made aware of fake technical support and password reset requests purporting to come from IT support.
Proper Incident Response System
Despite having security policies in place, organizations can still be compromised because social engineering attacks target people's tendency to be helpful or their natural inclination to trust. Therefore, it is important to have a proper incident response system in place to combat a social engineering attempt and to educate employees on the guidelines to be followed in case of such an attempt.
Being aware and taking steps to increase awareness is the best and most powerful tool in the battle against cyber-crimes such as social engineering. With a little caution and by abiding by organizational policies, individuals and corporations can avoid becoming victims of social engineering ploys.
Farrhad Acidwalla (B.Com. LL.B.) is a 25-year-old Indian entrepreneur, investor and TEDx speaker. He started off as one of the youngest entrepreneurs in the world and is best known as the founder of Rockstah Media and CYBERNETIV DIGITAL. Farrhad has worked with leading global enterprises and influencers. He has led teams that have assisted in securing brands like Atlassian, Asus, Lenovo and Microsoft. Farrhad is a frequently invited speaker at several educational institutions across the country, including IITs and IIMs. He has been featured by CNN, DNA, The Times of India, The Telegraph (UK), and VOGUE India, to name a few.