Tuesday, April 3, 2012

Protect your business by understanding common social engineering techniques

Social engineering is the manipulation of the natural human tendency to trust. A social engineer’s main goal is gaining unauthorized access to systems or information in order to commit fraud. In most cases, the social engineer never comes face to face with the victim. Social engineering is steadily increasing as cyber criminals exploit people in tough economic times. Anyone can be a target for social engineers, including small businesses.



Educate yourself and your employees
As a small business, you may always update your anti-virus software, but what other actions do you take to keep your business secure? For example, have you educated your employees recently on what information is safe to divulge and to whom they can divulge it? Understanding social engineering techniques can help you develop a plan for how to protect your business from them.

Before you give any information away, think about the following:
  1. Why are you being asked for this information? Is it usual to be asked for this sort of information in this format?
  2. Is the request coming from a known source?
  3. What consequences might come from misuse of the information you've been asked to provide or the action you have to take?
  4. Is there pressure to take action now?
Using this list can help you think carefully before providing a response and make you more confident in your decision before divulging sensitive information.

Recognize the signs
The list below describes some of the more common social engineering techniques:
  1. Impersonation: They may pose as a repairman, helpdesk tech or trusted third party.
  2. Name Dropping: They may use names of people from your company/family to make you believe they know you and gain your trust.
  3. Aggression: They may also try to intimidate you by threatening to escalate to a manager/executive if you do not provide the information/access they have requested.
  4. Conformity: They may tell you that everyone else has provided the information so it’s fine for you to provide the same.
  5. Friendliness: Over time, they may contact you with an aim of building up a rapport with you. Eventually the social engineer will ask for sensitive information when he/she feels the trust has been built up.
Stay tuned for future posts on keeping your business secure, and check out online safety tips anytime on our Good to Know website.

Posted by Katrina Blake, Risk Analyst