Ransomware and other types of hacking attacks have gained more attention in the news this year and have hit the radar of senior business managers. However, there is little information about the devastating effects of social engineering on business operations. Although it sounds like a benign technical term, social engineering is actually a form of hacking that often slips under the radar yet can have significant operational impacts. With social engineering, hackers attempt to make personal connections with people in the hope that they will give up key pieces of information, which can result in large disruptions.
To exploit their victims, hackers open fake accounts on sites like Facebook or Pinterest, or they send out emails, hoping to connect with a trusting individual. These hackers will bide their time, sometimes taking months to establish relationships with people in order to gain their trust. They try to find out everything about their victims, including where they work, the type of work they perform, the names of their pets or children (people often use these as passwords), and any other information that will help them exploit the situation.
Sometimes they might call or email posing as a representative of a trusted company such as Microsoft and inform the individual they “have a critical update” that must be downloaded to their computer. But first, they say, they need the password or other important information to complete the task. An internet search for “critical update scam” shows scads of these ploys.
Hackers are successful because they are skilled in making themselves appear credible. Often they associate themselves with a reputable company or charity; sometimes they seemingly take a real interest in an individual’s life. After establishing trust, the hacker can gain access to internal systems or corporate email addresses, or they can download malicious software or perhaps even use extortion.
So what can businesses do to protect their sensitive data? They certainly can’t bar their employees from having personal email addresses or social media accounts. The recommendation is to train employees to watch out for signs of social engineering exploitation. Because hackers use social media, phones or emails to exploit vulnerable workers, employees must pay attention to all forms of communication. This includes internal emails as well: some of the worst damage occurs when a hacker poses as a coworker asking for sensitive information. Companies need to instruct their employees to be wary of any unusual emails or phone calls asking them to do out-of-the-ordinary tasks.
Training employees about the pitfalls of social engineering brings awareness to the issue. If a hacker does attempt to contact an employee in any way, it should raise a red flag in the employee’s mind and they will know not to divulge any professional or personal information.
Hackers make millions using these methods, and evidence points to them changing their approaches regularly. Every business owner and manager needs to develop a strategy to keep social engineering from harming productivity and profitability.