Welcome to the ninth instalment of Calligo’s 12 Days of Christmas – a series of blogs that each highlight an important issue, a lesson to learn or a key resource that will help your business maximise the value of its data.
Today’s blog focuses on 9 soical engineering tactics everyone needs to be aware of.
Organizations are routinely deploying a wide variety of IT security technologies, including of course anti-virus, malware, ransomware and SPAM, but also increasingly sophisticated solutions such as behaviour analytics and intelligent threat detection. But despite these, even coupled with the most robust of processes and controls, their networks and data still remain vulnerable. This is because no software or policy can mitigate the most prevalent and notorious network weakness: their employees.
Cybercriminals prey on human nativity and curiosity, coupled with employees’ typical lack of cyber awareness: a technique called “social engineering”.
Social engineering, in the context of cybercrime, is the use of psychological manipulation to convince users to provide confidential and/ or personal information or click on a link that would either infect their network with malware or take them to a malicious site.
And the threat is substantial. Accenture Security’s 2019 Cost of Cybercrime report claims that 85% of organizations reported phishing and social engineering attacks in the last 12 months.
Here are a few tips on how users can avoid and combat social engineering:
- Do not open any links or attachments in emails from untrusted sources.
- If unsure about the URL, hover above the link to verify beforehand, if you’re still uncertain, do not click on it.
- Be vigilant when opening any attachments, even when the email appears to be from a safe sender.
- Do not be fooled by “clickbait” offers – if it appears too good to be true, it probably is!
- Use strong passwords or passphrases
- Verify identification before granting access to buildings
- Don’t leave your devices (personal and work) unlocked when not in use.