Social Engineering – Even the CIA Director is Not Immune

What is social engineering?

Social engineering refers to psychologically manipulating people in order to trick them into revealing critical information. Cyber criminals will attempt to do this in many ways. For example, an employee may have their computer accessed by a hacker who has installed malware on their system. Another example is tricking an employee into giving up access, such as a password or crucial banking information. Human nature and trust feed into this concept, and cyber criminals are counting on this. There have even been reports of attractive women befriending IT security professionals, thereby gaining entry and infecting the network with malware.

In another example, how easy would it be to simply call up an employee of a business and pretend to be the company’s IT department, convincing them to hand over a password? At this point, the company’s security is compromised and the cyber criminal has exactly what they need to do some real damage. By acquiring this confidential information directly from a person, the cyber criminal is able to avoid using the internet or hardware to hack.

These days, you’d be hard-pressed to find someone who isn’t a member of one social media outlet or another. In fact, nearly two-thirds of 50- to 64-year-olds and 43% of those aged 65 and over are now on Facebook, according to a recent study by the Pew Research Center.

As shown in recent headlines, even the CIA’s Director is not immune to social engineering. On October 21st, 2015, WikiLeaks published their second batch of CIA Director John Brennan’s confidential AOL emails. The teen hacker admitted that he obtained access to Brennan’s emails by posing as a Verizon employee. So, how can you help yourself stay safe?

According to the Department of Homeland Security, the following tips can help you avoid the above scenario.

Email Awareness – Cyber criminals will send massive amounts of fake emails in the hope that people will open them and become infected by malware. By installing and maintaining security protections such as firewalls, antivirus software, and email filters, you can greatly reduce your unwanted email traffic. Employees must be trained on email and browser best practices, including the following tips.

Resist the urge to click links in a suspicious email – visit websites directly.
Be cautious of email attachments from unknown sources.

Website and Software Security – Eighty-six percent of all websites have at least one serious vulnerability, and most of the time they contain more than one, according to the 2015 Website Security Statistics Report. Hackers will target websites that have Flash or Java to trigger vulnerabilities. By using an antivirus program together with firewalls and malware and spyware detection, you can improve your chances against cyber criminals. Making it a priority to check for security patches and updates, and following the tips below, will also help keep you secure.

Only install approved applications.

Be sure you’re at the right website when downloading software or an upgrade. Even when using a trusted site, double-check the URL before downloading to make sure you haven’t been directed to a different site.
Recognize the signs that your computer is affected, and contact IT if you believe you have been the victim of an incident.

Password Protections – “Password1” was the most common password used in corporate environments in 2014. How unsafe and unimaginative is that? This prime example of lethargy points to a huge security gap in the industry and is exactly what cyber criminals are looking for when breaking into a system by using unauthorized usernames and passwords. Follow the tips below to safeguard against this.

Change the passwords on computers and point-of-sale systems (including operating systems, security software, payment software, servers, modems and routers) from the default ones the products came with to passwords that are easy for you to remember but difficult to guess. Long, strong passwords incorporate upper- and lowercase letters, numbers and symbols and should consist of “passphrases.”

Update system passwords regularly and especially after outside contractors do hardware, software or point-of-sale system installations or upgrades.
Educate employees and users on choosing strong passwords and changing them frequently.

Use two-factor authentication. Many of these attacks rely on getting a password one way or another. Requiring another form of ID, such as a security token, will make it harder for hackers to falsify an account.

Taking the time to learn more about cybersecurity requires an openness to learning and even to changing the way you do business. Social engineering is one of the easiest ways a cyber criminal can gain access to critical information. Employees at all levels can be vulnerable to social engineering attacks, and all it takes is one click.

Axiom’s solutions come in different sizes, and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, give us a call at (800) 519-5070.