Don’t Fall Victim to Social Engineering
Do you believe someone in your company or an MSP client could fall victim to social engineering? Chances are you do – from knowledge and experience. It is critical to know what social engineering is, and how to mitigate the risks.
So What Is Social Engineering?
Social engineering is more than just a simple con; it is a method of manipulation that criminals use to get people to hand over personal and confidential information. Social engineers make people perform actions that breach security and that are against their own best interest. It gets them to divulge their information, and sometimes they do not know they have been conned – until the damage is done.
Social engineers try to obtain things such as passwords, bank account or credit card information. Often they want to install malware onto your computer to get better access to your personal information, and control the computer remotely. If this happens at work, the criminals can gain access to your network and your company’s information. This includes financial information, and information about clients or customers.
Take a moment to think about how this type of attack could affect your customers and clients. They would immediately lose trust in your MSP business, and look to your competitors for the safety and security they need. You and your employees need to know how to spot these scams, and how to stop them in their tracks.
What Does It Look Like?
There are many angles to social engineering, but they follow a similar path. Let’s look at an example of how they work.
A message could arrive in your inbox that looks as if it is from a legitimate source: perhaps someone you actually know, a company with which you do business, or even someone else at the workplace. At first glance, it seems real. However, this is a phishing email that attempts to get you to click on links that take you to spoofed sites, present login forms, or ask for personal information.
In some cases, the sender asks for help. They might want information, or have an attachment they tell you to download. This is just bait. They are trying to con you into taking dangerous actions, such as providing passwords or personal information.
How Prevalent Is It?
Social engineering is commonplace. Most people receive these emails on a regular, even daily basis. Some phishing emails are easy to spot and avoid. However, as the thieves become savvier, the scams are more and more difficult to detect, especially for tech neophytes. The following should help you lower this risk.
How to Mitigate the Risk
Make sure your staff is aware of these scams and knows how to identify them. The staff should be comfortable reporting any type of activity they find out of place. For example, if the “IT” department suddenly asks them for password information or a password change, they need to know enough not to answer the email and instead contact the right IT people at the company.
By slowing down, employees can think before acting. Make sure they take time to check the veracity of their emails. If anything is out of place, such as unsolicited but authentic-looking messages, they should question them. Make sure they immediately delete requests for passwords or financial information. The same is true of requests for help, and of offers of help from individuals and companies.
It is also a good idea to identify any risky users in the company. What types of information are your employees accessing at work? Are they getting onto personal email, social media, and cruising the web? You might want to set a limit as to what your employees can and can’t do with company computers.
As you can see, social engineering is a very real problem, and it takes vigilance on the part of you and your employees to stamp it out of your company.
AuthAnvil to the Rescue
When implemented correctly using a quality solution, 2-factor authentication (2FA) will keep your or your client’s digital infrastructure safe without inconveniencing employees, and serve as the basis of a security service.
In most organizations, it doesn’t take long after implementation for staff to fall right back into their old bad password routines — which isn’t a disaster because those old routines are now much safer due to the extra layer of authentication.
You may want to use 2FA in conjunction with single sign-on (SSO) to make it easier for employees to sign into your client’s systems. SSO allows users to have direct access to all of the platforms they use, but they need only one credential to access them. It’s like having a single, very secure key to access 100 different doors with 100 individual locks.
SSO is definitely something you’ll want to look for when considering your options for a 2FA vendor. However, remember that just offering SSO isn’t good enough – you must also do a deep dive to understand any 2FA vendor you are evaluating.
Learn how AuthAnvil deepens security through 2FA here.