Cyber social engineering – be vigilant
20th July 2018 | Modified: 19th December 2022
Social engineering scams are an ongoing threat to British businesses so it’s vital to keep reviewing your employee training and your IT security.
A wide range of techniques share the same underlying approach: establishing trust in order to carry out a deception.
Such criminal behaviour is as old as the hills but it’s now even more effective when the approach comes via an email which appears to be from your bank, tax office or a travel company you’ve just booked a holiday with.
In fact, it can come from any source that you may feel familiar with – and a whole lot more you’ve never heard of.
Phishing remains one of the biggest threats but social engineering has many other guises.
An approach via email or phone can seem entirely credible because criminals have an abundance of information to help them make educated guesses.
A trawl through Twitter, Facebook, Instagram and other social media can tell them about your likes, dislikes, pets, favourite foods and the shops you use.
The WannaCry incident last year was one of the most invasive attacks in recent times. It infected hospitals and other public and private services all over the world. However, it’s worth remembering that many of the organisations were more vulnerable because they were using older operating systems which are no longer supported by the latest security updates from Microsoft and other providers.
Since WannaCry, there have been other major attacks. For example, the Necurs botnet sneaked onto so-called “zombified” machines. The botnet lay dormant for months before the machines were instructed to carry out a malware attack using the Scarab ransomware during Thanksgiving.
Using the best IT security can provide a high degree of protection. You need a good firewall at your network perimeter and also protection for the many endpoints within your company: all your laptops, PCs, servers and other technology.
Gary Jowett, from CNC in Brighton, says: “We recommend our customers have a SonicWall Firewall and Symantec End Point protection as a minimum with the option of Mimecast Email Security. In addition, if they’re using Office 365 they should add Microsoft’s Advanced Threat Protection.”
Regular employee refresher training is also essential because new recruits may join your organisation every year and they have to be brought up to speed with your security policy and procedures. Policies and procedures also have to be regularly updated as cyber threats keep on changing.
Gary says: “The use of digital services will continue to grow and no company can risk a breach of IT security which could lead to the theft of their customers’ data. With the new General Data Protection Regulations from the European Union now in force, that sort of breach could be very damaging for your company’s reputation and incur a hefty fine.”