What's That Term?: Social Engineering

The IT industry is technical and complicated, but it doesn’t have to be impossible to understand. In conversations with our clients and end users, we try to break down IT lingo into easy-to-understand terminology. Our What’s That Term? series offers definitions for some of the most common words and terms in today's technology vocabulary.



Keeping your information secure is practically a full-time job in and of itself, and this form of hacking is not confined to the online world. Because there are both physical and cyber methods, we’ll take a hard look at what social engineering is so you can be prepared whenever you’re on the internet.

What is it?

Social engineering comes in many different shapes and forms, but any time a hacker tries to influence, deceive or manipulate a person in order to get private information that can be useful to them in some way, they are employing social engineering tactics.

Oftentimes, that information is a password, your credit card information or your Social Security Number. All of these can grant a hacker access to information that can be used to steal your identity, gain entry into your bank accounts or just make your life miserable.

As alluded to earlier, there are a number of ways in which hackers use social engineering. Here are some of the most common:

Social Media

Hackers will disguise themselves as someone they believe you trust, such as a celebrity, friend or loved one. They do this with a quick search of your contacts or your patterns, and then they use the trust you have in that person to get you to click a link or open a video that ends up infecting your device.

Spear Phishing

This is a technique hackers use to specifically target an individual or group. By focusing their attack on one person or a group of similar people, they can make the email they send much more convincing, since they rely on your habits and interests to hook you in. They typically try to get confidential info such as company secrets or bank information rather than distributing malware, although this can also happen in spear phishing.

CEO Fraud

In many cases, a hacker will find the CEO’s information online and use that as a cover in order to send malicious emails looking for company records or other sensitive material. 

Tailgating

Even though this may not be what comes to mind when you think of cyber criminals, many still use old-fashioned methods for gaining access to information. If it works, they’ll do it. One such method is the stupidly simple technique of waiting outside a building until an opportunity arises to sneak in without the proper credentials. Once inside, they’ve bypassed the first and often most crucial line of defense against hackers. All they need at that point is to find a place they can hack, and they’ll have access to a ton of data.

Shoulder Surfing

Another seemingly outdated physical method of gaining information is this technique, in which a hacker looks over your shoulder in an attempt to find your login information. Once they have that, they can use it to gain access to a variety of networks or use it to manipulate you into giving them what they want. Besides being downright rude by invading your personal space, they’ve also invaded your online privacy.

Why you’ve heard it

Everyone is probably aware of the classic Nigerian Prince scam by now, but most people would probably never fall for it nowadays. 

However, the thing about social engineering is that it is constantly evolving and reflecting the social patterns we tend to make either as a society or as individuals.

For every new piece of technology that is created, someone is going to find a way to transform it into a tool for gathering information for their benefit. As long as there is a constant presence of technology or information to be had, social engineering will be a thing. It is just an unfortunate fact of life, which is why so many of us are used to existing in a world in which these attacks take place. It’s all around us.

Likewise, big companies are constantly getting hacked, leading to embarrassment and damage to their reputation as well as harm to their employee and customer security. These types of stories are big headlines and can potentially affect you depending on the company. 

Even though social engineering is a constant presence in modern life, there are steps you can take to be better protected from becoming the victim of a social engineering scam.

Our Advice

Establish a culture that is more security minded

Training your staff on the various forms of social engineering and what to look out for is an important step for their individual safety as well as the company’s as a whole. If done right, it can boost morale and create a stronger team of unified coworkers ready to fight off any security threat.

Make security policies easy to follow

Even though technology may be confusing to some, it is important that all members of your staff be able to identify and act against various types of cyber threats. Making a plan that is straightforward and easy to digest while still covering all that is needed is key to team success. This should involve information classification, how to properly dispose of outdated documents, password management, physical methods of security and establishing multi-factor authentication among many others. 

Develop positive habits

Good habits can change the entire landscape of a business, and part of that comes with establishing positive changes to how people go about their security protocols. Try and instill in your team the use of passphrases and quarterly changes in any passwords they use. They should always log out of any device when they are walking away from it, and they should also be aware of their surroundings when logging in to any device or app. Alerting others right away when any suspicious activity is thought to have occurred is a good method for preventing the spread of any malicious information that can quickly infect the whole office if left unchecked.

Keep your systems up-to-date

If you have old or outdated equipment or software, the likelihood of an attack is much higher. By constantly being on the cutting edge of technology and systems safety techniques, your team will be better protected if a hacker does try anything. Along with these new systems should come the proper instruction and adjustment periods. An employee who isn’t given the proper time to learn the system can cause just as much if not more damage than any external threat. 

When all of this is put in place, you and your team will be better prepared for anything that comes your way in terms of a social engineering attack.  


Kotman Technology has been delivering comprehensive technology solutions to clients in California and Michigan for nearly two decades. With a customer retention of over 98%, we pride ourselves on being the last technology partner you'll ever need. Contact us today to experience the Kotman Difference.
