We use cookies to give you the best online experience. By using our website you agree to our use of cookies in accordance with our cookie policy.

croom new

Preferred Blog

Preferred has been serving the Tinley Park area since 1991, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Social Engineering and Your Business

Social Engineering and Your Business

As prevalent as cybersecurity threats unfortunately are today, many users tend to overlook major threats that they just aren’t focused on nearly as much: social engineering attacks. Social engineering attacks are just another means for a cybercriminal to reach their desired ends, and therefore needed to be protected against.

What is Social Engineering?

Social Engineering is the act of manipulating people into providing access credentials to criminals that aren’t supposed to have access to a system. To do this, the social engineer uses his/her influence (real or not) to trick people into supplying the needed information.

The act of social engineering can be approached in multiple ways. Hackers can take advantage of user carelessness, they can come in as a helpful party, they can take advantage of an individual’s fear, and they can exploit a person’s comfort zone. Let’s take a look at each.

User Carelessness

Despite the need for information systems, companies largely depend on individual users to secure their own endpoints. Sure, they will put in place a set of tools designed to keep network resources secure, but overall, it is important for each user to maintain vigilance over their own workstation and other network-attached devices. If they aren’t, scammers can obtain access fairly easily. 

If they can’t use spam or phishing messages to gain access, they may have to try an alternate method. For example, a scammer may gain access to your workspace. If your people ignore best practices for convenience and leave credentials or correspondence out in the open, a scammer looking for things like this will be able to leverage that mishap into access most of the time. 

Perceived Helpfulness

Most people will help people that are having trouble. The impulse to be helpful can be taken advantage of if the “victim” is a hacker. People can hold the door for a cyberthief giving them access to your office. They can use information syphoned from the web to gain a person’s trust and then use the trusting nature of good people for nefarious means. Moreover, it is natural to want to help someone, so you and your staff have to be careful that they are, in fact, in need of help and not looking to steal access to company resources.

Working Within the Comfort Zone

Most workers do what they are told. If they have somewhat repetitive tasks, they may grow complacent. Social engineering tactics will take advantage of this, especially at a large company. The scammer will get into your office and if some employees are used to random people just milling around, they won’t really pay any mind. 

We typically like to think about hackers as loners that sit in the dark and slurp energy drinks while they surf the Dark Web. While this description is fun, it’s not realistic. Hackers, the ones that you should be worried about, know your company’s weakest points and will take advantage of them. If that weakest link is the complacency of your employees, that will be the way they will approach it. Unfortunately, this also technically includes insider threats.

Fear Tactics

Getting someone to do something out of fear is effective, but can be risky. The more fear someone has, the more they will look to others to help mitigate it. That’s why most fear tactics, nowadays, come in the form of phishing messages. Using email, instant messaging, SMS, or other means to get someone worried enough to react to a threat takes a believable story that could produce an impulsive reaction by a user. Fear has long been known to be a powerful motivator, so it really is no surprise that cybercriminals would resort to this means to coerce their targets into compliance. 

We Can Help 

If you would like more information about social engineering or any other cybersecurity issue, contact the IT experts at Preferred at 708-781-7110. 

Why is My Network Slow?
Google is Introducing Verified Business SMS to And...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Saturday, November 16 2024

Captcha Image

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Mobile? Grab this Article!

      Qr Code

      Blog Archive

      Latest Blog Entry

      Financial management and accounting are two business needs that apply to all organizations of any size or industry. Fortunately, these organizations have access to tools like Intuit QuickBooks to help them fill these needs in a way that is accessible and convenient. Let’s re...

      Latest News

      Best Places to Work - 5 YEARS STRONG!!

      Preferred is once again, honored for being a Best Place to Work for the fifth straight year!  Our team is what makes Preferred a Best Place to Work.  

      Daily Herald Suburban Business 2024 Best Places to Work Honorees The Daily Herald Suburban Business has announced the names of 51 companies, in 5 categories of competition, that are honored as the 2024 Best Places to Work in Illinois. This statewide survey and awards program was designed to identify, recognize and honor the best places of employment in Illinois, benefiting the state's economy, its workforce and businesses.