Get Started Today!  (415) 295-4898

croom new

415 IT Blog

Social Engineering and Your Business

Social Engineering and Your Business

As prevalent as cybersecurity threats unfortunately are today, many users tend to overlook major threats that they just aren’t focused on nearly as much: social engineering attacks. Social engineering attacks are just another means for a cybercriminal to reach their desired ends, and therefore needed to be protected against.

What is Social Engineering?

Social Engineering is the act of manipulating people into providing access credentials to criminals that aren’t supposed to have access to a system. To do this, the social engineer uses his/her influence (real or not) to trick people into supplying the needed information.

The act of social engineering can be approached in multiple ways. Hackers can take advantage of user carelessness, they can come in as a helpful party, they can take advantage of an individual’s fear, and they can exploit a person’s comfort zone. Let’s take a look at each.

User Carelessness

Despite the need for information systems, companies largely depend on individual users to secure their own endpoints. Sure, they will put in place a set of tools designed to keep network resources secure, but overall, it is important for each user to maintain vigilance over their own workstation and other network-attached devices. If they aren’t, scammers can obtain access fairly easily. 

If they can’t use spam or phishing messages to gain access, they may have to try an alternate method. For example, a scammer may gain access to your workspace. If your people ignore best practices for convenience and leave credentials or correspondence out in the open, a scammer looking for things like this will be able to leverage that mishap into access most of the time. 

Perceived Helpfulness

Most people will help people that are having trouble. The impulse to be helpful can be taken advantage of if the “victim” is a hacker. People can hold the door for a cyberthief giving them access to your office. They can use information syphoned from the web to gain a person’s trust and then use the trusting nature of good people for nefarious means. Moreover, it is natural to want to help someone, so you and your staff have to be careful that they are, in fact, in need of help and not looking to steal access to company resources.

Working Within the Comfort Zone

Most workers do what they are told. If they have somewhat repetitive tasks, they may grow complacent. Social engineering tactics will take advantage of this, especially at a large company. The scammer will get into your office and if some employees are used to random people just milling around, they won’t really pay any mind. 

We typically like to think about hackers as loners that sit in the dark and slurp energy drinks while they surf the Dark Web. While this description is fun, it’s not realistic. Hackers, the ones that you should be worried about, know your company’s weakest points and will take advantage of them. If that weakest link is the complacency of your employees, that will be the way they will approach it. Unfortunately, this also technically includes insider threats.

Fear Tactics

Getting someone to do something out of fear is effective, but can be risky. The more fear someone has, the more they will look to others to help mitigate it. That’s why most fear tactics, nowadays, come in the form of phishing messages. Using email, instant messaging, SMS, or other means to get someone worried enough to react to a threat takes a believable story that could produce an impulsive reaction by a user. Fear has long been known to be a powerful motivator, so it really is no surprise that cybercriminals would resort to this means to coerce their targets into compliance. 

We Can Help 

If you would like more information about social engineering or any other cybersecurity issue, contact the IT experts at 415 IT at (415) 295-4898. 

Why is My Network Slow?
Google is Introducing Verified Business SMS to And...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, April 03 2020

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Technology Productivity Best Practices Business Computing Data Backup Data Network Security IT Support Hosted Solutions Privacy Cloud Data Recovery Software IT Services Outsourced IT Email Malware Internet Innovation Managed IT Services Business Efficiency Tech Term Upgrade Cloud Computing User Tips Windows 10 Microsoft Hackers Computer Business Management Hardware Phishing Small Business Business Continuity Collaboration Mobile Devices Google Cybersecurity Managed Service Ransomware Workplace Tips Communication Smartphones VoIp Android Backup Paperless Office Communications Office 365 Managed Service Provider Server Quick Tips Remote Monitoring Data Management Managed IT Encryption Windows 7 Mobile Device Network Internet of Things Artificial Intelligence Business Technology Passwords Healthcare Vulnerability Disaster Recovery Holiday Wi-Fi BDR Facebook Applications Smartphone Save Money Managed IT services Compliance Miscellaneous Help Desk Document Management Laptops Government Browser Saving Money Automation Social Media Blockchain Project Management Tip of the week Employer-Employee Relationship Virtualization Information Redundancy Scam Processor Vendor Management Avoiding Downtime Antivirus Bandwidth Microsoft Office BYOD Windows Data Security Router OneDrive Storage Infrastructure Software as a Service Machine Learning Data Loss Mobility Two-factor Authentication RMM Maintenance Website VPN Chrome IT Management Meetings Analytics Customer Relationship Management Users IoT Access Control Consulting Downtime Time Management Employee-Employer Relationship Gmail Professional Services Training Word The Internet of Things Managed Services Cooperation Bring Your Own Device Managed Services Provider Risk Management HIPAA Utility Computing Patch Management Unified Threat Management Remote Workers Apps Net Neutrality Alert Tablet Recycling Server Management Social Network Dark Web Augmented Reality Internet Exlporer Password Proactive Smart Technology Company Culture Monitoring Gadgets Computing Assessment Networking Remote Monitoring and Management Search Financial File Management Regulations Network Management Operating System Payment Cards Management Co-Managed IT Files Consultation Office Mobile Security Virtual Private Network Employees File Sharing Electronic Health Records Unified Communications Hard Drive Specifications Cybercrime Spam Cyber security Touchscreen Enterprise Content Management Hacking IT Samsung Teamwork Wearable Technology Information Technology Star Wars IT Consulting Instant Messaging Options Identity Theft Telephone Enterprise Resource Planning Optimization SharePoint Operations Return on Investment App Bookmarks ROI Digital Payment Hotspot Mail Merge User Error Fleet Tracking Zero-Day Threat Managed IT Service Geography Video Conferencing Superfish Cyberattacks Social Cache Heating/Cooling Customer Service Black Friday Database Management Social Networking Trending Business Telephone Mobile Device Management Shared resources Going Green Data Breach 5G Identity Mobile VoIP Statistics Virtual Machines Downloads Wireless Money Settings Personal Information Screen Reader Favorites Mouse Language Address WiFi Asset Tracking Backup and Disaster Recovery Break Fix Virtual Assistant Bitcoin Modem High-Speed Internet Biometric Read Only Security Cameras Manufacturing Remote Computing Vendor Servers MSP Finance Cyber Monday Staff GDPR G Suite IT Assessment Point of Sale Tech Terms Permissions Tech Support Batteries Wireless Internet Big Data Mobile Bluetooth Credit Cards Microsoft Excel Transportation Active Directory Smart Tech Recovery Techology Conferencing Computing Infrastructure Human Error Wasting Time Current Events Development Printing Smart Devices Technology Laws Authentication Motherboard Chromebook Digitize E-Commerce Theft Google Calendar Fraud CIO applications IT Technicians Remote Work Cost Management Alerts Employer/Employee Relationships Apple Computers Emergency Multi-Factor Security Electronic Medical Records Windows Server Connectivity Outlook Disaster Resistance Hard Disk Drives Migration Sensors eWaste Websites Windows Server 2008 Printer OneNote Permission Virtual Reality Database Cookies Cables Remote Worker Travel Unified Threat Management Authorization Firewall Notes Vulnerabilities Shadow IT Features Comparison Licensing Proactive Maintenance Solid State Drive Managing Stress Holidays User Management Shortcut Proactive IT Politics Solid State Drives Chatbots SaaS How To Test Data Warehousing Flexibility Voice over Internet Protocol Projects Nanotechnology Wires Private Cloud Technology Tips WPA3 Distributed Denial of Service PowerPoint Display Mobile Computing Outsourcing Lenovo Procurement Legislation Mirgation Value of Managed Services Regulation Gamification Printers Marketing Education CEO Twitter Students Daniel Stevens

Latest Blog

Once a mobile device outlives its presumed usefulness, the default assumption is that there is nothing left to do but dispose of it. However, before you do so, reconsider. There may be other ways that your device could show its utility. For today’s tip, we’ll review a few wa...

Latest News

We are proud to announce that 415 IT and our CEO, Daniel Stevens, were recently featured by CIO Applications. We discussed how and why we serve our clients, as well as some sneak peeks for our future. Read our interview by visiting:  https:...