Tag Archives: #Prevention

Social Engineering = Fancy Job Title for Hackers


There are so many different threat types out there, but understanding them is the first step in protecting your business

Most people are aware of terms like phishing and malware, but do you know those are part of a larger scheme called social engineering? This is not a new kind of fraud; in fact, it’s been used for many years to manipulate a wide range of people into giving up important data about themselves or their workplace. A prime example of social engineering goes back to Greek mythology with the Trojan horse. The Greeks infiltrated the city of Troy with a “peace offering” filled with soldiers, thus winning the war. With technology at the forefront of our lives, social engineering has entered a new era. Physical human interaction is not necessarily required anymore. These criminals can gain information through emails, pop-ups and public Wi-Fi networks, to name a few. The main objective is to influence, manipulate or trick users into giving up privileged information or access within an organization. They are doing this right under your nose, and if you’re not paying attention you will be a victim of this as well.

External Threats

With technology at the forefront of most businesses, external threats are becoming the benchmark for social engineers. They can hack into core business processes by manipulating people through technological means. There are so many ways for social engineers to trick people that it is best to ensure you are well versed in some of the ways they can hack your system.

Baiting

First of all, baiting can be done both in person and online. Physical baiting would be a hacker leaving a thumb drive somewhere at a business, then an employee picks it up and plugs it into a computer. It could be curiosity, or simply thinking a co-worker left something behind. However, as soon as the thumb drive gets plugged in, it will infect your computer with malware. The online version of this could be an enticing ad, something to pique interest, such as “Congrats, you’ve won!” There is also scareware, in which users are deceived into thinking their system is infected with malware by messages like “Your computer has been infected, click here to start virus protection.” By clicking on it, you unintentionally download malware to your computer. If you understand what you are looking for, you can usually avoid these situations.

Phishing

This is probably one of the most popular social engineering attacks. Fairly generalized, this usually comes in the form of an email. Often, they ask the user to change their email, or log in to check on a policy violation. Usually the email will look official and even take you to a site that looks almost identical to the one you may be used to. After that, any information you type in will be transmitted to the hacker. You just fell for the oldest online hack in the book.

Spear Phishing

Similar to generic phishing, spear phishing is a more targeted scam. This does take a little more time and research for hackers to pull off, but when they do it’s hard to tell the difference. They often tailor their messages based on characteristics, job positions, and contacts belonging to their victims to make their attack less conspicuous. This could be in the form of an email, acting as the IT guy with the same signature and even cc’s to co-workers. It looks legitimate but as soon as you click the link, you are allowing malware to flood your computer.

Internal Threats

Originally, social engineering took place in a physical setting. A hacker would do some preliminary research on a company structure or focus on behaviors in order to get that initial access into a building, server room or IT space. Once they have a “foot in the door” so to speak, obtaining pertinent data or planting malware becomes that much easier.

Tailgating

Often, they will enter a building without an access pass by simply acting like an employee who left it at home; this technique is known as tailgating. The only credential they need is confidence. This can also include a hacker posing as an IT person and conning people into believing that to be true so they can gain access to high-security areas. This is far easier than it sounds too. You can find company shirts at your local thrift store, exude confidence and gain access.

Psychology

Another interesting process hackers use to con their way into a business is by creating a hostile situation. According to PC World, people avoid those that appear to be mad, upset or angry. So, a hacker can have a fake heated phone call and reduce the likelihood of being stopped or questioned. Human psychology really is a tricky thing, isn’t it?

Public Information

Then of course, the more you know about someone, the more likely you are to gain the information you need from them. This involves everything from scoping out parking lots and observing the workspace to dumpster diving. Nothing is safe anymore and your life is not always as secure as you’d like to think. Something as innocent as a bill can be used to harvest more information about a person.

Pretexting

Similar to online phishing, pretexting is a popular fraud tactic for phone calls. Often, they will disguise themselves as an authority such as a bank, tax official or even police. They will probe you with questions that could lead to giving up information that could compromise your identity. This personal information can be used to find out a whole slew of things. Not only can they get away with your money immediately, they can easily steal your identity with pertinent information like social security numbers or banking information.

Prevention

Social engineering can be prevented by being educated in it. With so many different ways to steal your important data, it’s imperative that individuals and businesses go through some sort of training regarding these issues. However, on a day-to-day basis, getting into certain habits can help. First of all, pay attention to your surroundings. Remember that physical social engineering still exists and you don’t want to be the one who caused your business’s data to be corrupted. Next, do not open emails or attachments from suspicious sources. Moreover, if a legitimate-looking email seems slightly suspicious, go to the source and find out for sure if they sent it. Also, multi-factor authentication can curb fraud immensely. One of the most valuable pieces of information attackers seek is user credentials. Using multi-factor authentication helps ensure your account’s protection in the event of system compromise. Furthermore, if an offer seems too good to be true, it probably is. Don’t click the link; you didn’t win a cruise. Then finally, keep your antivirus and/or antimalware software updated at all times. This is the best line of defense if for some reason your system has been compromised. For the most part, use your best judgment and common sense. Social engineers have gotten very good at their jobs, but that’s okay because you’ve gotten very good at yours too and can combat these sneaky hackers.

If your business has concerns about keeping your data and business protected against cyberthreats and cyberattacks, contact SystemsNet today for more information on how we can help!

Does Your Business or Organization Have A Backup Disaster Recovery (BDR) Plan?

A backup disaster recovery plan can make all the difference if disaster strikes.

The coronavirus pandemic continues to remind business owners and IT managers that the best time to plan for natural disasters is before they happen, not during or after. When you review your current plans and strategies, how prepared are you for another pandemic or natural disaster?

COVID-19 continues to spread from person to person across various states, and states of emergency have already been declared in multiple efforts to take on the terrible outbreak. As more decisions need to be made in regard to reopenings and internal/external changes, now is a great time to pull out your plans and strategies and make the necessary changes to your Backup and Disaster Recovery (BDR) plan.

What is a Backup and Disaster Recovery Plan?

A Backup and Disaster Recovery Plan is a system of processes and procedures that everyone in your workplace will need to follow if a disaster or pandemic strikes. Your Backup and Disaster Recovery Plan should be one of the keys to helping your business survive during some of the toughest times that life may throw at it.

Do You Have A Plan?

Unfortunately, the majority of small businesses and many mid-size and large businesses do not have an effective Backup and Disaster Recovery Plan. Over 90 percent of those businesses will not survive if an outbreak, pandemic, or disaster as powerful as COVID-19 strikes. When a business or organization experiences significant downtime, it can lose thousands of dollars every minute it is not operating.

Would your business or organization live to operate during the next year if you are forced to close your doors again for a significant period of time? No matter what your level of business is or what industry you are a part of, there is always a chance disaster could strike and impact your place of business.

Prevention Is Key

Before you make any decisions related to your Backup and Disaster Recovery plan, it is important to perform a full risk assessment. The results will provide you with the tools you need to prepare for any type of disaster. When you perform a risk assessment, you should take the following steps:

  • Create an inventory list of your equipment, networks, and security features that are a part of your business
  • Create a list of anything that may be a security risk
  • Gain an understanding of how your systems work and if they are working properly
  • Determine if there is anything in your business infrastructure you may be missing

No matter what type of problem or disaster may strike your business, it is important to make sure communication is open and accepted. One person should not be in charge of everything because no one person will be able to help a business or organization recover from any type of problem or disaster. As you prepare your Backup and Disaster Recovery Plan, it is important to remember the importance of communication.

Everyone should be aware of whom they can call in the event of an emergency. How many of your employees will take on a lead role? How many communication channels will be available during an emergency? Everyone should be aware of when the Backup and Disaster Recovery Plan should be initiated, and they should be aware of their role.

If you are preparing to create an improved Backup and Disaster Recovery Plan or if you are creating a BDR plan for the first time, please feel free to contact us today for more information.