As our lives have moved online, so has the social engineer. No longer targeting the most vulnerable, social engineering is turning its focus to businesses, both big and small. Here are some useful tips that you can impart to your staff right away to help them spot social engineering and look after your business.
Social engineering tactics
Digital social engineering scams that are targeted at businesses can be a little harder to spot than those obvious ‘Nigerian Prince’ efforts. These are some of the most common social engineering methods.
Baiting – leaving a malware ridden USB lying around. If you or an employee finds a USB, it must never be plugged in to any devices. It can infect your entire company system.
Spear phishing – These are more personal than the feeble Prince emails. They have a personal and friendly tone and will be targeted at specific people.
Scareware – these pop up and tell you that your device is infected, usually asking you to download a defensive programme, which is usually malware itself.
Even the most legitimate looking emails should be treated with suspicion. If an email ever asks your staff to ‘verify’ anything, then they should immediately report the email to IT. A social engineering email might claim to come from a customer, or claim to be another business responding to a request for help. Most emails like these ask staff to follow links that eventually take them to a form which requires personal information. This is where the fraudster takes the information that they are after – passwords, bank information etc.
Education and security
You should hold regular training sessions with your staff to safeguard against social engineering. You can show your staff examples of phishing emails and scareware. You can demonstrate to them how to contact IT support should they need to. There are resources online to help you to train your staff. For security systems, you can search for Cheltenham IT support and reach out to companies like reformit.co.uk for advice on how to safeguard your business.
Protect your business and your staff today, with the right knowledge and up to date security software. By taking social engineering seriously, together we can make sure they don’t catch you out.