Make Your People the Strongest Link Against Data Breaches, Not the Weakest

Did you know that, according to reports and as published by Deloitte, 91% of all cyberattacks begin with a spearphishing email? Or that 32% of all successful data breaches use phishing techniques?

Such attacks come under the term ‘social engineering’, which simply means an attack using human interaction.

How does social engineering work?

Social engineering uses psychology to make the victim believe an interaction (like an email or phone call) is genuine. The aim is to deceive the victim into sharing sensitive information.

Attacks occur in one or more steps. The attacker starts by investigating the victim, looking for information they can use to ‘prove authenticity’, and for the weak security protocols to make the attack.

The perpetrator then gains the victim’s trust, and prompts actions that break the employer’s security policies and protocols. Typically, this may include revealing sensitive information, or even sharing passwords.

How can you prevent social engineering attacks from being successful?

It’s crucial that all your people are aware of social engineering attacks and what they look like. One way to do this is by implementing comprehensive security awareness training, ensuring that all employees recognize tactics used in social engineering attacks, which include:

  • Phishing and spearphishing (usually emails or phone calls targeting specific groups or individuals)

  • Piggybacking (where an unauthorized person follows someone into a restricted area)

  • Pretexting (when a fabricated scenario is used to steal information)

  • Quid pro quo (where a benefit is offered for information provided)

Other strategies that you should use to combat social engineering attacks include:

  • Developing a comprehensive data security policy

  • Encouraging employees to report all potential attacks

  • Creating and implementing a solid data security strategy

  • Using multi-user authentication

  • Ensuring antivirus and malware software is regularly updated

Is your company and its employees prepared for social engineering attacks?

Having the above measures in place, and regularly reviewing them, will help limit the number of social engineering attacks your employees receive; and should an employee receive an attack, the training provided should provide the knowledge and capability to thwart that attack.

How is your company performing against social engineering attacks? Contact Millennium Tech USA to discover how we can help you assess your state of preparedness.

The Impact of Data Loss on Business

The Impact of Data Loss on Business

10 Consequences of Data Loss for Businesses Data loss can occur in many ways. Most commonly because of human error, though if your networks and systems are inadequately protected then your business is threatened by other data protection risks including ha
Continue Reading
Data Breach Detection Tools

Data Breach Detection Tools

All You Need To Know About Technology To Transform Your Data Breach Response Capability One of the key factors in an effective data security strategy is using the right tools to detect data breaches. These help to save time and effort used by your data pr
Continue Reading
The Consequences of Corporate Data Theft

The Consequences of Corporate Data Theft

11 Ways a Data Breach Could Crush Your Business Your data is important. Strike that. It’s critical to your business. It helps you make better business decisions, accelerate your sales, and improve your profits. Theft of company documents from your d
Continue Reading