As a relentless headline issue that affected everybody and caused drastic upheaval to our day-to-day lives, COVID-19 provided a perfect theme for social engineering attacks.
For example, attackers sent fake emails from delivery services with attachments said to give the address of a warehouse where people could pick up a shipment that did not reach its destination. Others ran bank phishing attacks, with emails offering benefits and bonuses to customers because of the pandemic. The emails contained a file with instructions or links to get more details.
At the same time, the overnight shift of large numbers of employees to remote working increased the attack surface for cyber attacks, as more devices were placed outside the protection of the corporate network.
Both of those trends are likely to continue this year, possibly even longer.
People are your protection
Social engineering attacks are popular with cybercriminals because they’re relatively easy to deploy and can bypass the sophisticated security systems that prevent other types of attack.
Instead of trying to find a technical flaw in your company’s security and trying to exploit it, social engineering can trick your employees into launching the malicious content themselves.
The simplicity of social engineering is part of its effectiveness, but it also means prevention measures can be simple too.
If it takes a person to click on an email to launch an attack, all it takes to prevent it is for the person not to click on it.
Your business can create a human firewall if your employees are provided with the right training and awareness. Teach them what to look for when they get an email asking to click on a link or a phone call asking for information. Caution is the watchword.
It can be tempting to overlook employees and put most of your security efforts into software and hardware to keep threats from reaching workers. But consider the different ways they connect to the internet and the range of potential sources of attack: email, Facebook, LinkedIn, Twitter and other web pages.
If you neglect employee education, you leave employees vulnerable whenever your security technology fails to stop an attack from getting through.
Thankfully, there are simple ways for employees to identify most social engineering or phishing attacks, such as hovering the mouse over links, verifying URLs and paying closer attention to email addresses or domain names.
Don’t isolate remote workers
Newly remote workers have had a lot to learn. Their usual working pattern has been disrupted, the systems they use are different and their environment has changed. Many of them have lost the social engagement they had with colleagues in the office and are working in isolation in a bedroom or kitchen.
The monotony of that isolation presents an opportunity for cyber criminals and social engineering attacks. Physical social interaction has been replaced with digital social engagement, which could open up a new path for social engineering attacks.
Preventing social engineering attacks
There are several ways to protect against social engineering attacks:
Educate employees to make them aware of the risk of social engineering attacks. The more awareness they have, the better your company’s security.
Protect your devices by deploying a unified endpoint management system to provide the same level of security to remote devices you would expect inside your headquarters.
Protect your data by tiering access according to its sensitivity. For example, you might define your data in three groups: freely accessible with little restriction, company confidential material and strictly confidential data.
An email filter is another simple yet effective defense against social engineering attacks. Almost all successful attacks use email to gain information or infect machines.
Treat LinkedIn, Facebook and other business social media sites with caution. Only connect to those you know or do business with.
We can help you address the wide range of cyber risks that your business faces, including phishing awareness, penetration testing, and unified endpoint management.