Don’t Get Hurt by Social Engineering

In today’s business climate, few prospects pose as much of a threat as social engineering schemes. Social engineering, a neologism for general manipulation and fraud, has become such a burden for entrepreneurs that in the last two years alone, nearly half of all large businesses have reported themselves as victims to some sort of attack. Some of the schemes are as cut-and-dry as following a certified employee into a restricted area (known as “tailgating”). Others are a little more round-about, such as e-mailing employees under a fake moniker, posing as tech support, and requesting confidential login information.

Defending yourself against social engineering requires some special diligence from the top-down, but it’s completely manageable if you’re willing to put the work in. Here are three quick tips that every business owner should follow in order to tighten up their security in light of social engineering:

1. Learn how to identify social engineering. While cyber criminals are constantly at work to find newer, sneakier ways to infiltrate corporate frameworks, there are still a few benchmarks you can use to decide whether or not a request is legitimate or instead the work of a con artist. For example, if you see emails coming in with bundles of misspellings or messages that originate from suspect domain names, be wary about opening them.
2. Train your employees to identify attacks. You want every last person at your company to have the same exact knowledge you do when it comes to social engineering. Many times, criminals won’t attack at the top of the food chain—it’s often easier to penetrate at the lower rungs. Make sure every one of your employees is trained to spot social engineering from day one, and encourage them to speak up if they see something unusual.
3. Double up on your verification efforts. If you require a password to gain access to certain databases, try tacking on an additional password for safekeeping. If you need a keycard to use certain areas of your building, insist on a keypad code as well. And if you haven’t already, look at a few different automated security systems just to see what sort of web-based defense they can offer your business. No matter if they’re online or tangible, your assets should be protected with more than one layer of security. It might cost you a small bit of extra time, but it’s well worth it to secure them properly.

Remember that every bit you do to prevent social engineering goes a long way. And it more than compensates for the large chunk of catch-up you’re avoiding in the event your business ever gets caught up in a criminal attack. Keep your eyes peeled for social engineering schemes, and pass the word along to your coworkers. Collectively, we have the capability to dodge these harmful attacks, and grow our businesses in a healthy environment.