According to PurpleSec, cybercrime has increased 600% since the beginning of the Covid pandemic. We all know we can implement the strongest security systems to help prevent an attack, but how do we protect our team and workers from being exploited and manipulated into exposing the systems?
Training your staff is one of the best ways to help prevent a social engineering attack. Make sure that all your staff are trained so that they can spot not only a potential security breach but also when an email or call isn’t legitimate. We have already written about how social engineering attacks work, but your team also needs to know what this means for them, and what to look out for.
When you receive an email asking for information or to click a link, always check who sent it. Don’t simply check the sender’s name, but also look at the email address. If you don’t recognise it and think it is suspicious, either contact your IT support as soon as possible or permanently delete it. It is also worth sending a message around to your team in case the sender tries to contact anyone else for this information. This applies to any method of communication: if it’s a phone call, ask where they are calling from, or if you receive a USB drive, contact the sender to find out where it came from.
If the communication has come from what looks like an official authority, find the main website and contact a representative that way. This will tell you whether the communication is legitimate or a potential social engineering attempt.
Cyber criminals often play on a person’s sense of urgency, so they will state that something needs doing now. However urgent they say it is, take a minute and don’t rush. Think carefully, check all the details, and make sure it is legitimate before you continue. Taking those extra few minutes to consider the sender could prevent a serious social engineering attack.
- Implement a good spam filter
Investing in a good spam filter for your email systems can significantly help in the fight against social engineering attacks. More emails will be filtered out before they even reach your inbox, meaning you won’t need to worry about whether they are legitimate or not.
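The sender check described earlier (compare the displayed name with the actual email address) is one that a mail filter can apply automatically. The following Python is an added example, not part of the original article; the `KNOWN_SENDERS` table, the domains and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Assumption: names staff expect to see, mapped to the domain that really sends for them.
KNOWN_SENDERS = {"it support": "corp.example", "example bank": "examplebank.example"}
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def sender_findings(raw_message, known_senders=KNOWN_SENDERS):
    """Return the reasons a message's sender headers deserve a second look."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_hdr = msg["From"]
    if from_hdr is None or not from_hdr.addresses:
        return ["no parseable From address"]
    sender = from_hdr.addresses[0]
    name, domain = sender.display_name.lower(), sender.domain.lower()
    findings = []

    # 1. The display name poses as an address on a different domain.
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(1) != domain:
        findings.append(f"name shows {shown.group(1)}, mail is from {domain}")

    # 2. The display name uses a known sender's name from the wrong domain.
    for label, real in known_senders.items():
        if label in name and domain != real and not domain.endswith("." + real):
            findings.append(f"'{label}' normally sends from {real}, not {domain}")

    # 3. Replies would go to a different domain than the one that sent the mail.
    reply_hdr = msg["Reply-To"]
    for addr in (reply_hdr.addresses if reply_hdr is not None else ()):
        if addr.domain.lower() != domain:
            findings.append(f"replies go to {addr.domain}, not {domain}")
    return findings

# Constructed sample messages (reserved example/test domains).
LEGIT = "From: IT Support <helpdesk@corp.example>\nSubject: Maintenance\n\nHello\n"
SPOOFED = ('From: "IT Support" <helpdesk@corp-helpdesk.test>\n'
           "Reply-To: it.support@mailbox.test\nSubject: Password expires today\n\nHello\n")
NAME_AS_ADDRESS = ('From: "accounts@corp.example" <billing@invoices.test>\n'
                   "Subject: Invoice\n\nHello\n")

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("spoofed", SPOOFED),
                       ("name-as-address", NAME_AS_ADDRESS)]:
        print(label, sender_findings(raw))
```

Findings like these are prompts for the manual checks in this article, not proof of an attack: legitimate mail sent through third-party services can also use a different reply address.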
If you are concerned about the identity of the caller, visitor or email sender, then don’t be afraid to ask for ID. If it is a call, ask them who they report to, what their name is, and what department they are calling from. With all this information you can call up the company directly to check whether all their details match up. Don’t be afraid to say you will call them back after checking a few details; if they are a credible company, they will understand. Making this a company-wide policy may also help prevent future attacks and gives employees a process to follow.
These tips are just the tip of the iceberg when it comes to preventing a social engineering attack, but the key to it all is awareness. All your employees need to know what to watch out for, what should set off alarm bells in their mind, and how to manage this. Raising awareness of all these different social engineering attacks and the forms in which they can appear will give you all a distinct advantage in preventing attackers from gaining access to your systems, network, and data.