Simple Practices to Outsmart Social Engineering – #BeCyberSmart
October is marked globally by various countries and organisations as Cybersecurity Awareness Month. The theme for 2021 is “Do Your Part. #BeCyberSmart.”
At iSite Computers, we’ve dedicated this month to publishing a four-part series aimed at creating awareness on fundamental cybersecurity practices for small to medium-sized businesses in South Africa. Share this article series with your employees to stress the critical basics of IT security in order to keep your business protected. This is Part 4 of 4.
No matter how good the locks are on your front door, they can’t help if you invite a thief into your house.
In Part 3, we discussed the dangers of letting others borrow your smartphone or workstation. These are examples of a “social engineering attack” – which describes hackers using con artist tricks to get around your computer security, rather than attacking your hardware or software directly.
An informed and alert individual remains the best defence against such attacks. To that end, consider the following:
(1) Don’t Talk to Strangers (Online)
Never respond to an email, text message, or phone call that requests any personal or private information. Such messages are easy to “spoof”, i.e., to make it appear as if they’re from a legitimate source when they aren’t.
If you receive such a request, contact the alleged source of the request directly over another channel. For example, if you receive an email from your bank requesting that you update your account information, call your bank at the phone number listed on your debit card. Don’t call a phone number listed in the email because it might be a fraudulent number.
Similarly, never click a link “to update information” in an email. Instead, type the company’s web address directly into your browser and log in to your account. A link might take you to a site that appears authentic but isn’t.
(2) Watch Your Back
Always be alert to your surroundings – including people and objects outside your field of view. In a social engineering tactic called “shoulder surfing,” a hacker might be snooping over your shoulder as you type in your password or PIN. Or a “tailgater” might follow you through a door you’ve just unlocked with your key card and into the hallway beyond.
Ideally, never work with sensitive information on your laptop in a public setting. If you must, always sit with your back to the wall and consider investing in a polarised privacy screen.
(3) Everybody You Just Met Is a Stranger, No Matter What They “Know”
Be aware of false friends online and in person. A lot of information about you might be available online: where you went to school, where you worked, your hobbies, your interests, family members, and networks of friends. Even places you frequent might be online if you “check-in” or leave reviews on Google Maps and social media.
All of that information can be used to establish false familiarity. “Oh, I went to Sunnyvale High School, too. Did you happen to know John Doe?” Receive a DM like this on social media, and it’s likely to reduce your reluctance to talk to a stranger. You’re simply reminiscing with someone you went to school with, right? Maybe not.
Be careful not to disclose sensitive information in such a scenario. This new “friend” might be a well-prepared hacker looking to con you out of crucial information, such as answers to your password reset questions, or launch a sinister doxxing attack.
Book a Free #BeCyberSmart Consultation for Your Business
Cybersecurity measures can all be rendered helpless in the face of an employee falling victim to a social engineering ploy – whether online or in-person.
Thus, employee education and awareness training is the primary remedy against such attacks. To learn how we could help your business, book a free, no-obligation cybersecurity consult with iSite Computers.