8 Tips to Prevent Social Engineering Attacks
No matter how strong your network security is, end-users will often be the weakest link in the security chain. Hackers exploit employee naivety and gullibility, or simply the harried state of many workers, to carry out hacking techniques and phishing scams via social engineering tactics.
Here are 8 tips to prevent social engineering attacks for you, as the IT security administrator, to either use yourself or share with your employees.
1. NEVER provide confidential information or, for that matter, even non-confidential data and credentials via email, chat messenger, phone or in person to unknown or suspicious sources.
2. If you receive an email with a link to an unknown site, AVOID the instinct to click it immediately, even if it seems to have been sent by one of your contacts. Take a look at the URL to see whether it looks suspicious. Often the email appears to have arrived from one of your contacts, but if you check the sender's email address you will see that it is not legitimate. REMEMBER: if it looks fishy, it probably is!
3. BEFORE clicking on links, both in emails and on websites, keep an eye out for misspellings, @ signs and suspicious sub-domains.
4. When clicking on links sent via email or on websites, always watch out for downloads you did not initiate or that start automatically. It could be malware piggybacking onto your system. All such activity should be reported IMMEDIATELY to your security manager.
5. Website administrators should:
   5.1 CHECK their website regularly for private and confidential information that could have been uploaded by mistake.
   5.2 Use FOCA to extract metadata from documents uploaded to the site, to make certain they don't contain personal metadata. Hackers will be scanning your website for useful information before executing social engineering attacks.
6. BLOCK USB devices in order to reduce the risk of Baiting. Baiting is the digital equivalent of a real-world Trojan Horse: the attacker tempts users with free or "found" physical media (USB drives) and relies on the curiosity or greed of the victim. If they plug it in, they are hacked!
7. Follow the ATE (AWARENESS, TRAINING and EDUCATION) security concept for all employees, no matter what level or position they hold in the organization. While C-level employees are great targets, their assistants can be even more powerful vectors for attack!
8. USE 2-factor authentication in order to make it more difficult for hackers to get into your organization.
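As an added example that is not part of the original post, the following script applies the URL checks from tips 2 and 3 (an @ sign in the address, a trusted name buried in a sub-domain of some other domain, and near-misspellings of a trusted domain) so that IT teams can demonstrate them in training or run them over links pulled from mail. The allow-list of trusted domains and all sample URLs are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed allow-list for this example; an organisation would use its own
# list of the domains it actually sends mail from and links to.
TRUSTED_DOMAINS = {"example.com", "mail.example.com"}


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Fine for .com-style names; real code
    would consult the Public Suffix List to handle suffixes like .co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def link_warnings(url: str, trusted=TRUSTED_DOMAINS) -> list:
    """Red flags from the tips above that apply to this link: an '@' in the
    authority, a trusted name buried in a sub-domain of some other domain, or
    a registrable domain that is a near-misspelling of a trusted one."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    warnings = []
    if "@" in parts.netloc:
        # Everything before '@' is userinfo; the browser connects to what follows.
        warnings.append("'@' in URL: real host is " + parts.netloc.rsplit("@", 1)[1])
    host = (parts.hostname or "").lower()
    reg = registrable_domain(host)
    trusted_reg = {registrable_domain(t) for t in trusted}
    if reg in trusted_reg:
        return warnings  # genuinely under a domain we trust
    sub = host[: -len(reg)].rstrip(".")  # labels left of the registrable domain
    for t in sorted(trusted_reg):
        if t in sub:
            warnings.append("trusted name %s used as a sub-domain of %s" % (t, reg))
        elif edit_distance(reg, t) <= 2:
            warnings.append("%s looks like a misspelling of %s" % (reg, t))
    return warnings


if __name__ == "__main__":
    for u in ("https://mail.example.com/login", "https://example.com@evil.test/",
              "https://example.com.login-check.test/", "https://examp1e.com/reset"):
        print(u, "->", link_warnings(u) or ["no red flags found"])
```

The two-label `registrable_domain` heuristic is the weak spot: swap in a Public Suffix List lookup before using this on real mail.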
In general, IT teams should educate employees on social engineering tactics and attacks regularly. You can make it part of the employee induction and IT training program.
The content of this type of training is generally forgotten very quickly, so it should be repeated at least every 6 months. Spread awareness by sharing cases of real attacks. Explain your organization's IT security policy and the ramifications of policy violations.
You can even base training on some of the same tools that hackers use, such as The Social-Engineer Toolkit (SET).
Do you have more tips to add to this list? Let us know in the comments below.