Cyberattacks have grown both in scale and sophistication. At the same time, antivirus software, firewalls, and IT support services have made great strides toward defending against modern-day malware and other web-based threats. But as remarkable as these cybersecurity solutions are, they do little to protect employees from social engineering ploys. And unfortunately, some employees are more vulnerable than others.
With the authority to access company information, influence employees, and approve wire transfers, senior leaders are perhaps the most at risk from social engineering attacks. Hackers often trick executives into disclosing sensitive information by sending a phishing email or making a phone call under the guise of a bank teller, government official, or IT support. If successful, the hacker will have top-level access to IT systems, free to wreak havoc and steal thousands of dollars in company data.
As executives hold more influence in your company’s infrastructure, make it a mandatory practice to use password managers and two-factor authentication to secure company accounts. And since senior leaders are the face of the company, discourage them from sharing too much information on social networks.
Because it handles everything from company paperwork to confidential employee information, your HR department is a common target for phishing attacks. In a typical scenario, hackers pose as job applicants and send malicious files disguised as resumes. If WiFi networks are unencrypted, ill-intentioned “interview candidates” can also intercept classified emails and steal the private information inside.
To defend your HR staff, create a company-specific employee portal to reduce the number of documents sent via email and to standardize document submissions. Make sure encryption is applied to your email servers so that messages stay protected even if they are intercepted. And always remind your staff to confirm the legitimacy of document requests by asking to meet face-to-face.
Given the number of people they interact with, salespeople are targeted as frequently as executives. A simple email or phone call inquiry is enough to convince your marketing team to drop their guard. If the social engineer is smart, they’ll target specific staff, act as a potential client, and proceed to ask for customer lists, confidential contracts, and sensitive company information. In some cases, all they have to do is trick your staff into clicking a link or opening an attachment to bypass your security systems.
The best contingency plan is to have a discussion with your sales department about what information they’re allowed to disclose over email and phone, and how to securely send sensitive information online. On top of that, train salespeople to be cautious of every email and phone call they receive, no matter how urgent the matter may be.
Everyone is a target
Although the three types of employees mentioned above are targeted more frequently, hackers will prey on anyone with access to a device -- from frontline staff to high-level executives. Employees who repeatedly set weak passwords and recklessly interact with common phishing scams are more likely to put company data and your business at risk. Even the smallest piece of private information shared on social media can give any scammer the tools for a successful social engineering attack.
Utilizing email filtering and endpoint protection will help reduce phishing emails in company inboxes. But to truly protect your employees, you need to conduct periodic security awareness training. This involves teaching staff how to respond to suspicious requests, helping them develop critical thinking and safe security habits, and keeping them up to date on the latest exploits.
Strengthening security systems is important, but training security-conscious employees who can avoid the most compelling attacks is even more so. If you need advice on protecting both your systems and your employees, visit us at www.intelligis.com. We provide the best cybersecurity has to offer, and you can have it all by contacting us today.