Breaking Down Social Engineering


Most people are aware of terms like phishing and malware, but did you know those are part of a larger scheme called social engineering? This is not a new kind of fraud. In fact, it’s been used for many years to manipulate a wide range of people into giving up important data about themselves or their workplace. A prime example of social engineering goes back to Greek mythology with the Trojan horse: the Greeks infiltrated the city of Troy with a “peace offering” filled with soldiers, thus winning the war. With technology at the forefront of our lives, social engineering has entered a new era. Physical human interaction is not necessarily required anymore. These criminals can gain information through emails, pop-ups, and public Wi-Fi networks, to name a few. The main objective is to influence, manipulate or trick users into giving up privileged information or access within an organization. They are doing this right under your nose, and if you’re not paying attention, you will be a victim of this as well.

 

External Threats 

With technology at the forefront of most businesses, external threats are becoming the standard for social engineers. They can hack into core business processes by manipulating people through technological means. There are so many ways for social engineers to trick people that it is best to ensure you are well versed in some of the ways they can hack your system.

 

Baiting 

First of all, baiting can be done both in person and online. Physical baiting would be a hacker leaving a thumb drive somewhere at a business, where an employee picks it up and plugs it into a computer. It could be out of curiosity, or simply from thinking a co-worker left something behind. However, as soon as the thumb drive gets plugged in, it will infect your computer with malware. The online version of this could be an enticing ad, something to pique interest, such as “Congrats, you’ve won!” There is also scareware, in which users are deceived into thinking their system is infected with malware by messages like “Your computer has been infected, click here to start virus protection.” By clicking on it, you unintentionally download malware to your computer. If you understand what you are looking for, you can usually avoid these situations.

 

Phishing

This is probably one of the most popular social engineering attacks. Fairly generalized, it usually comes in the form of an email. Often, the email asks the user to change their email or log in to check on a policy violation. Usually, the email will look official and even take you to a site that looks almost identical to the one you may be used to. After that, any information you type in will be transmitted to the hacker. You just fell for the oldest online hack in the book.

 

Spear Phishing 

Similar to generic phishing, spear phishing is a more targeted scam. This does take a little more time and research for hackers to pull off, but when they do, it’s hard to tell the difference. They often tailor their messages based on characteristics, job positions, and contacts belonging to their victims to make their attack less conspicuous. This could be in the form of an email from someone acting as the IT guy, with the same signature and even cc’s to co-workers. It looks legitimate, but as soon as you click the link, you are allowing malware to flood your computer.

  

Internal Threats 

Originally, social engineering took place in a physical setting. A hacker would do some preliminary research on a company structure or focus on behaviors in order to get that initial access into a building, server room or IT space. Once they have a “foot in the door” so to speak, obtaining pertinent data or planting malware becomes that much easier.  

 

Tailgating 

Often, they will enter a building without an access pass by simply acting like an employee who left it at home. This technique is known as tailgating. The only credential they need is confidence. This can also include a hacker posing as an IT person and conning people into believing that to be true so they can gain access to high-security areas. This is far easier than it sounds, too. Company shirts can be found at a local thrift store, and with enough confidence an impostor gains access.

 

Psychology 

Another interesting technique hackers use to con their way into a business is creating a hostile situation. According to PC World, people avoid those who appear to be mad, upset or angry. So, a hacker can have a fake heated phone call and reduce the likelihood of being stopped or questioned. Human psychology really is a tricky thing, isn’t it?

 

Public Information 

Then, of course, the more you know about someone, the more likely you are to gain the information you need from them. This involves everything from scoping out parking lots and observing the workspace to dumpster diving. Nothing is safe anymore and your life is not always as secure as you’d like to think. Something as innocent as a bill can be used to harvest more information about a person.

 

Pretexting 

Similar to online phishing, pretexting is a popular fraud tactic for phone calls. Often, the callers will disguise themselves as an authority such as a bank, tax official or even police. They will probe you with questions that could lead to giving up information that could compromise your identity. This personal information can be used to find out a whole slew of things. Not only can they get away with your money immediately, but they can also easily steal your identity with pertinent information like social security numbers or banking information.

 

Prevention 

Social engineering can be prevented by being educated in it. With so many different ways to steal your important data, it’s imperative that individuals and businesses go through some sort of training regarding these issues. However, on a day-to-day basis, getting into certain habits can help. First of all, pay attention to your surroundings. Remember that physical social engineering still exists, and you don’t want to be the one who caused your business’s data to be corrupted. Next, do not open emails or attachments from suspicious sources. Moreover, if a legitimate-looking email seems slightly suspicious, go to the source and find out for sure if they sent it. Also, multi-factor authentication can curb fraud immensely. One of the most valuable pieces of information attackers seek is user credentials. Using multi-factor authentication helps ensure your account’s protection in the event of system compromise. Furthermore, if an offer seems too good to be true, it probably is. Don’t click the link; you didn’t win a cruise. Then finally, keep your antivirus and/or antimalware software updated at all times. This is the best line of defense if for some reason your system has been compromised. For the most part, use your best judgment and common sense. Social engineers have gotten very good at their jobs, but that’s okay because you’ve gotten very good at yours too and can combat these sneaky hackers.

Business Evolution


Social media platforms are a scary new front for most businesses. There are so many differing opinions about social media in the workplace. However, besides the main players like Facebook and Instagram, there are many social-related platforms that can evolve your business and increase communication and productivity amongst employees and clients. 

Social platforms and related software are part of the natural progression and evolution of business. They are currently being used in most businesses for collaboration, feedback, and research, to name a few. It’s understandable to be hesitant, but could this improve your current processes? The answer is yes.

Currently, social media platforms offer features for business use. This alone can cut out a lot of the daily customer service calls your office manager may be receiving each day. It won’t take the place of techs if work is needed, but many simple questions or inquiries can be answered. By doing that, you can also boost the number of leads your sales team is receiving. Now your office manager can get off the phone and answer questions through the platform while working on other items. This can also help marketing ventures by visually showing you a slew of analytics that can assist in knowing what people want from you, or like to see.

Communication between employees can also be enhanced and done more efficiently with social platforms. Microsoft Office offers a platform called Teams. Instead of walking all the way to someone’s office or trying to multitask while needing answers without a phone call, you can type in a name and send a message to anyone in the company. It cuts time in half, and you get a quick, on-the-spot response or support. Techs don’t even have to leave their desks. Contact them via Teams and they can begin to fix an issue remotely. This isn’t your only option, simply an example. There are several platforms that serve many areas of SMBs.

Employee-to-employee communication isn’t the only thing that benefits from social tools. Client communication does as well. Many of these platforms offer things like instant messages, video conferencing, screen shares and team sites. Think about the amount of time that is saved for both the employee and the client. Your tech can be in the office working remotely instead of spending an entire day at a client’s office. You can share documents or walk a client through a simple fix with a quick screen share. This is a huge win for employee productivity and efficiency. Not only that, but client expectations will be exceeded in a timely manner.

Finally, social media, social tools, and social platforms are all shown to increase morale within a business. They are allowing employees to streamline their jobs without the stress and hassle of attempting to collaborate with different people via email or an office visit. It also shows them that you trust them to use these things on work time and not abuse the privilege. Taking a small break to check Facebook or network with a client makes a surprising difference in the workplace. Do some research and find out what would work best for your business. It never hurts to give it a try. For all you know, the results may surprise you.

Social Media Use Policy


Everywhere you turn today you will find social media. People taking selfies at the grocery store, responding to Instagram while walking down the street, and of course checking Facebook status while clocked in at work. What do you do when social media use gets out of hand in the workplace? It can seem like a never-ending battle with employees, but it doesn’t have to be that way.  

Before you go any further, draft up a social media use policy. This will save you headaches and possible litigation. Employees can agree to it and follow it or they can find work elsewhere. Sounds harsh, I know, but your business's reputation is not worth Mary’s selfie. Don’t get me wrong, the policy doesn’t have to be rigid and forceful. Your employees are adults and can handle responsibility. Similar to a job description, policies allow for clarification and accountability. Great for both employer and employee.  

To create a social media use policy, start by splitting the policy between company official accounts and personal accounts. Then take a look at rules and regulations. With this part, you want to clearly outline your brand as well as how you want it perceived. It is important that employees are on the same page for this. That way the message is consistent across all platforms, no matter who posts or comments. Talk about confidentiality and what company info can or cannot be shared. It can be similar to the non-disclosure agreement you had your employees sign when they got hired. Then, of course, outline the potential consequences of not following these guidelines. Ensure these are clear and concise because a loophole can be quickly manipulated. Then you can go through the same steps for personal use.

Once you have that jotted down, you can move to the next part, roles and responsibilities. It is in this section that you have to figure out who will have access to the company’s social media, or to social media in general. Think about it: it might not be best to block it altogether. You can harness the power of social media for your benefit if you play it smart. Your marketing team will need it, well, to market. Sales can keep in touch with prospects or members easily, and it gives all parties confirmation that you care. Beyond that, you may want to give your receptionist or office manager access in order to help with customer service on different platforms.

While working on this, keep a few things in mind. Don’t discourage use, and ensure the language of the document sounds positive. Employees will get upset with a big change to what they’re used to. A list of don’ts is only frustrating and discouraging. Also, be transparent about why you have a policy. Let them know that productivity has been affected. Not only that, be clear with them about the potential security risks you are trying to avoid. Train the employees who use company social media to recognize security risks and know what to look for. Then finally, explain how a policy keeps everyone honest and accountable. As long as you are transparent about the new policy, implementing it shouldn’t be a huge issue. If you have employees assist you in drafting this document, that’s even better. They are part of the change and not being steamrolled by it.