As the final post in the network security blog series, I wanted to write about one of the greatest threats that organizations encounter today – social engineering.
Social engineering is a non-technical method of getting you and/or your employees to share personal information. It relies heavily on human interaction and often involves tricking people into breaking normal security procedures. Even with safeguards such as anti-virus and anti-malware tools in place, hackers commonly bypass network security by manipulating employees into unknowingly compromising corporate security.
The simplest way to defend against social engineering attacks is to use common sense and ensure your employees are aware. Security-aware employees are better prepared to recognize and avoid constantly evolving social-engineering attacks. Use secure browser settings when possible and monitor your browsing history to ensure that you recognize all of the sites listed in it.
Consider adopting the following best practices and asking the right questions to ensure you and your employees are safeguarded against social engineering:
- Do your users know not to give out their user name and password? Is it written on a sticky note under their keyboard?
- Are they allowed to take a USB stick to and from work? Do they take their laptop home and connect it to the internet there or use a WiFi connection at a coffee shop?
- What about the websites your staff visit? Are you restricting gambling, music sharing, and other potentially malicious sites?
- Have you set privacy controls to restrict access to your personal data and limit the amount of personal data you publish?
- Do your users know to be suspicious of emails that come in with links or attachments that they aren’t expecting?
- Have you established and maintained connections only with people you know and trust, and do you review your connections often?
All of these questions relate to your users and the social engineering that hackers use to exploit them in order to gain unauthorized access to your systems. As an SMB, you must address these risks as part of your overall security management strategy. Ongoing training and support from management will encourage active participation in the security culture. If you would like a more personalized security consultation or on-site information session, contact your ADS today.