Social engineering: A cyber risk deadly in its simplicity

Editor’s note: The following blog is adapted from “Cyber Risks and Liabilities: Protecting Your Intangible Assets from Social Engineering Fraud.” Copyright 2012,  Zywave, Inc. All rights reserved.
A couple of “firemen” walk into your business with badges, walkie-talkies and proper identification, so the last thing you are thinking of is a cyber risk called Social Engineering.

When they say that they are there for a routine fire safety inspection, they certainly look and act the part, so your receptionist lets them. They split up, do their work, thank you for your cooperation, walk out the door and are never heard from again.

Meanwhile, everything seems like it’s on the up and up — right until days or weeks later your computer system is compromised, customer credit card numbers are stolen and sales are dropping. Your company has just become a victim of social engineering, and your company can pay dearly for this misstep.

Social engineering is the act of taking advantage of human behavior (like tricking people into breaking normal security procedures) to commit a crime. Social engineers can gain access to buildings, computer systems and data simply by exploiting the weakest link in a security system — humans. This ability to take advantage of human nature poses one of the greatest threats for companies today, as social engineers can steal sensitive documents, get employees to divulge sensitive information or compromise computers at work — all while posing as someone people view as credible and who they can trust.

The effects from social engineering can be harmful both to a company’s morale and its bottom line, especially when clients’ private information is concerned. Here are a few ways to prevent social engineering from damaging or ruining your company:

• Put policies in place limiting the amount of sensitive information available to your employees. Never allow employees to give out passwords or credit card numbers over the phone.

 

• Never write down passwords on paper. Keep changing your password on a regular basis.

 

• Have employees wear badges with their name and picture on them. It is also important to have employees swipe their badges to get into different sections of the building.

Social engineering is becoming a very easy and effective way for a criminal to steal your digital assets.  Contact The Plexus Groupe LLC today at plexusgroupe.com or at 847-307-6100 to learn more about our capabilities to protect your company against security risks and losses due to social engineering.