January 13, 2023

The importance of understanding social engineering in the workplace

by CyberCare

What is social engineering?


In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information.


The most commonly used social engineering techniques:


Phishing – Phishing is a technique for fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate business. The e-mail usually contains a link to a fraudulent web page that looks legitimate, with the company logos and content usually found on the real company's pages. Such websites usually have a form requesting a lot of sensitive information, which opens up gateways for the phisher to infiltrate company resources.

Smishing – The act of using SMS text messaging to lure victims into a specific course of action. As with phishing, that action can be clicking on a malicious link or divulging information. Examples are text messages that claim to be from a common carrier, stating that a package is in transit and providing a link.

Impersonation – Pretending to be another person, or pretexting, with the goal of gaining physical access to a system or building.


How can companies protect themselves against it?


Enable Spam Filter – Companies should always enable spam filters to close the door on social engineering threats. Spam filters play a vital role in protecting your inboxes from social engineering attacks.

Multi-Factor Authentication – Companies should never rely on a single factor; adding more is the most basic preventive measure for guaranteeing your account security. Passwords can be obtained through social engineering, whereas the additional factor is not as easy to obtain, as it can be anything from biometric access and security questions to an OTP code.

Penetration Testing – Among the ways to prevent social engineering attacks, the most effective approach is conducting a pen test to detect and try to exploit vulnerabilities in your organization.