Have you ever considered the amount of trust that is needed to acquire goods or services?
As our partner Knowbe4 says: “When you sign up for a new online account or make a purchase with your credit card, you trust the retailer with your credit card number, your full name, your shipping and billing addresses, your phone number, and your email address. But do you even know what happens on the other side?”
As you know, this information passes through some systems but in the end it’s always manipulated by human beings, like you and I, who have been trained to follow certain procedures in order to operate with that information. But what if they don’t?
Imagine an employee receives a malicious email impersonating you and asking for your information, and this employee doesn’t read the email well, doesn’t follow basic security policies, and sends the malicious guy all of your credit card information. This happens every day, why? Because employees are not trained in security best practices.
So now ask yourself, are you or your employees trained enough to be able to say that you wouldn’t fall for these traps?
Quoting again Knowbe4, “as a human firewall, you are trusted to uphold your policies, and ensure that confidential data stays confidential. For example, imagine you receive a phone call from your IT department. The caller claims that he needs to update your computer’s operating system with a critical security patch. He instructs you to visit a website you’ve never heard of and download an app that will allow him to upgrade your computer remotely.” What would you do?
This is called social engineering, someone who hacks humans by gaining their trust and exploiting it to influence a risky action, such as clicking on a link, wiring money, or providing confidential information. Why do scams sometimes work? How do social engineers successfully compromise individuals and organizations? By manipulating human emotions, such as fear, sympathy, love, curiosity etc. Identifying and preventing social engineering attacks represent the first two steps towards maintaining trust (and, by extension, privacy). But your responsibilities don’t end there. Human firewalls also report incidents immediately. Timely reporting allows us to investigate what happened, how it happened, and warn others about the potential of similar attacks. Don’t let your emotions get the better of you. Treat any request for confidential data or money with a high degree of skepticism. When in doubt, don’t respond, don’t click, and don’t make assumptions. If you identify a social engineering attack, report it immediately. And always follow your organization’s policies, no matter what.
Finally, don’t just train yourself, make sure all your employees get trained with high quality security awareness training, both presential and online driven, and also ensure you perform practical tests such as fake phishing campaigns, to see how many employees would really fall for it.
Need help with it? A2SECURE works with the best security awareness tools, such as Knowbe4 Enterprise Security Awareness Training, and experts that make sure that the ratio of falling for scams decreases dramatically in your Company. Contact us for more information if you want to make sure you avoid a potential disaster when an employee performs a millionaire bank transfer to a fake bank account number.
Just imagine how it will be to explain that all the money invested in next generation firewalls, antivirus and so on was useless because the weakest link, which is the human being, was never protected…
Author: Guillermo Sánchez