Social engineering is a set of techniques that cyber criminals use to lure unsuspecting users into handing over their credentials, valuable company data or other confidential information.
Social engineering is a threat at both the physical and the cyber level.
Hackers will try to exploit a user’s lack of knowledge about security to gain access to their premises, computers, or other sources of information.
Unfortunately, employees are the weakest link in their company’s security, as 95% of cybersecurity breaches are due to human error.
Social engineering represents a high risk for businesses and can lead to the following:
• Loss of data
• Loss of clients and reputation
• Loss of trust and relationship (with vendors, banks, shareholders)
In a business, all information can be at risk. Small details should not be overlooked.
Hackers will prioritize the following information:
• Sensitive information (about the company, its vendors, employees, etc.)
• Private information
• Personally identifiable information (usernames, passwords, …)
Since 2013, 3,809,448 records have been stolen in breaches every day: the equivalent of 2,645 per minute (Cybersecurity Ventures).
As an employee, you can help secure your company.
Here are 8 easy tips to turn the tables:
Weak passwords and usernames are a hacker’s favorite way to gain access to a system.
Always remember your password is personal:
• Do not display a password or write it down to make it easier to remember.
• Do not share a password or username, even with a co-worker.
A survey carried out for the Info Security Europe trade show in 2018 shows that more than 70% of people would reveal their computer password in exchange for a bar of chocolate.
2. Unknown Sources
Attackers will try to infect your computer(s) with malware or ask you to open links to infected websites.
• Never open emails in the spam folder or emails whose recipients you do not know.
• When an email is from an unknown origin, do not click on links, download files, or open email attachments.
• Have up-to-date and reputable antivirus software.
Hackers could also try to gain access to your computers and valuable data by using tricks.
One of the most common examples is the use of a USB drive: a hacker could intentionally leave a USB drive behind on the premises or ask reception to print something for them from a USB drive.
Employee identification (ID) cards, name tags, discount cards, or even transportation passes carry highly sensitive information.
The loss or misuse of a badge can result in theft of value or identity.
Hackers may use RFID readers to access your data (readers can be purchased on Amazon for as low as $16).
An easy way for employees to protect themselves is to purchase an RFID blocker wallet or card protector.
4. Social Security Number
According to Javelin Strategy & Research (2018 Identity Fraud: Fraud Enters a New Era of Complexity) there were 16.7 million victims of identity fraud in 2018 with more Social Security numbers exposed than credit card numbers.
The first thing to do when your Social Security number has been stolen or lost is to report the identity theft to the responsible government agencies.
You can file a report at IdentityTheft.gov.
Filing a police report will assist in recovering from identity theft.
5. Customer Receipts
Personal customer financial information gained from payment card transactions can easily be stolen and used by hackers.
As customers are not always aware of the lack of security by some merchants, easy tips to avoid exposing your data are:
• If you are not comfortable with the store policy, shop elsewhere
• Do not leave your receipts: destroy them or store them.
6. Health Records
Hackers are targeting medical providers and health insurers, looking for medical prescriptions, financial credit data, and medical test results. Hackers can demand a ransom for those records.
Recent studies have shown that over 75% of the healthcare industry was infected with malware in 2016, including medical treatment facilities, health insurance agencies and healthcare manufacturing companies. Personal health information and records transmitted by fax or email, or placed onto unsecured media, expose patient information.
Risks are limited by following HIPAA rules.
Spector Security can assist in conducting a risk assessment of a healthcare organization.
7. Unprotected Wi-Fi Networks
Approximately 24.7% of Wi-Fi hotspots in the world do not use any encryption at all (Kaspersky Security Network).
Any hacker located near an access point can easily intercept all traffic and steal the information they are interested in.
Whenever the Wi-Fi connection is not secured by a password, simply do not connect to it.
8. Driver’s License Number
Through a driver’s license, hackers can access an individual’s records and other personal data.
It could also be used to create a false identity for social engineers.
• Never photograph, email or scan your driver’s license.
• Should you need to send a copy of your driver’s license, make sure the copy is manually deleted after its intended use.
Employees should be trained and tested at least every year.
Spector Security offers security assessments and training in Social Engineering.
Learn more (https://www.spectorsecurity.com/security-assessment-services/social-engineering/).