Cyber Security Blog

8 Tips to Prevent Social Engineering Attacks

December 21st, 2014 by Menachem Perlman

No matter how strong your network security is, end users are often the weakest link in the security chain. Hackers exploit employee naivety and gullibility, or simply the harried state of many workers, to carry out hacking techniques and phishing scams through social engineering tactics.

Here are 8 tips to prevent social engineering attacks for you, as the IT security administrator, to either use yourself or share with your employees.

1. NEVER provide confidential information or, for that matter, even non-confidential data and credentials via email, chat messenger, phone or in person to unknown or suspicious sources.

2. If you receive an email with a link to an unknown site, AVOID the instinct to click it immediately, even if it seems to have been sent from one of your contacts. Take a look at the URL to see if it looks suspicious. Often the email might seem to have arrived from one of your contacts, but if you check the sender's email address you will see that it is not legitimate. REMEMBER: if it looks fishy, it probably is!

3. BEFORE clicking on links, both in emails and on websites, keep an eye out for misspellings, @ signs and suspicious sub-domains.

4. When clicking on links sent via email or on websites, always keep a watch out for uninitiated or automatic downloads. It could be malware piggybacking onto your system. All such activity should be reported IMMEDIATELY to your security manager.

5. Website administrators should CHECK their website regularly to look for private and confidential information that could have been uploaded mistakenly.

   5.1 Use Maltego to analyse your own website and discover interesting information, which you are probably unaware of, that could be used to contact one of your users/employees.

   5.2 Use FOCA to extract metadata from documents uploaded to your site to make certain they don't contain personal metadata. Hackers will be scanning your website in order to find useful information before executing social engineering attacks.

6. BLOCK USB devices in order to reduce the risk of baiting. Baiting is the digital equivalent of a real-world Trojan Horse: the attacker tempts users with free or "found" physical media (USB drives) and relies on the curiosity or greed of the victim – if they plug it in, they are hacked!

7. Follow the ATE (AWARENESS, TRAINING and EDUCATION) security concept for all employees, no matter what level and what position they hold in the organization. While C-level employees are great targets, their admins can be even more powerful vectors for attack!

8. USE 2-factor authentication in order to make it more difficult for hackers to enter your organization.
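Tips 2 and 3 list the URL red flags to watch for but leave the checking to the reader's eye. The Python script below, added here as an illustration and not code from the original post, turns those red flags into repeatable checks: an @ sign in the URL (everything before the @ is treated as user information, so the real destination is whatever host follows it), a trusted brand name used as a sub-domain of an unrelated registered domain, a look-alike or one-character misspelling of a trusted domain, and a bare IP address in place of a host name. The TRUSTED_DOMAINS set, the confusable-character table and the sample URLs are constructed for the example; url_red_flags, registered_domain and edit_distance are this example's own names.

```python
"""
Heuristic URL red-flag checker for the warning signs in tips 2 and 3.
Added example, not code from the original post. The trusted-domain list
and all sample URLs are constructed for the illustration.
"""
from typing import List
from urllib.parse import urlsplit

# Constructed: domains the organisation considers legitimate.
TRUSTED_DOMAINS = {"example.com", "mail.example.com"}

# Constructed: digit-for-letter substitutions seen in look-alike domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def registered_domain(host: str) -> str:
    """Last two labels of a host name. Deliberately naive: it ignores
    multi-label public suffixes such as co.uk, which a production checker
    would resolve with the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch single-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def url_red_flags(url: str) -> List[str]:
    """Return human-readable warnings for a URL; an empty list means no flag."""
    flags = []
    parts = urlsplit(url if "://" in url else "http://" + url)

    # 1. '@' in the authority: RFC 3986 treats everything before it as
    #    userinfo, so http://mail.example.com@evil.example/ goes to evil.example.
    if "@" in parts.netloc:
        flags.append("'@' in URL: text before it is user info, not the destination host")

    host = parts.hostname or ""
    reg = registered_domain(host)

    if reg not in TRUSTED_DOMAINS:
        # 2. Trusted brand name parked as a sub-domain of an unrelated domain,
        #    e.g. example.com.login-portal.net.
        for trusted in TRUSTED_DOMAINS:
            brand = registered_domain(trusted).split(".")[0]
            if brand in host.split(".")[:-2]:
                flags.append(f"'{brand}' appears as a sub-domain of unrelated domain {reg}")
                break

        # 3. Look-alike after normalising common substitutions (examp1e.com,
        #    example.c0m) or one character away from a trusted domain.
        normalised = reg.translate(CONFUSABLES)
        for trusted in TRUSTED_DOMAINS:
            t = registered_domain(trusted)
            if normalised == t or edit_distance(reg, t) == 1:
                flags.append(f"{reg} looks like trusted domain {t}")
                break

    # 4. Raw IPv4 address instead of a host name.
    if host and host.replace(".", "").isdigit():
        flags.append("URL uses a bare IP address instead of a host name")

    return flags


if __name__ == "__main__":
    # Constructed sample links, as they might be extracted from a suspicious mail.
    for sample in ("https://mail.example.com/inbox",
                   "http://mail.example.com@evil.example/login",
                   "https://examp1e.com/reset",
                   "https://example.com.login-portal.net/",
                   "http://192.0.2.10/reset"):
        print(sample, "->", url_red_flags(sample) or "no flags")
```

The checks are heuristics for training and triage, not a verdict: a link with no flags can still be malicious, and the registered_domain helper will misjudge hosts under multi-label suffixes. In practice the security team would maintain the allow-list and run a check like this over links extracted from reported mails before users click them.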

In general, IT teams should educate employees on social engineering tactics and attacks regularly. You can make it part of the employee induction and IT training program.

Generally, the content of this type of training is forgotten very quickly, so it should be repeated at least every 6 months. Spread awareness by sharing cases of attacks. Explain your organization's IT security policy and the ramifications of policy violations.

You can even base training on some of the same tools that hackers use, such as The Social-Engineer Toolkit (SET).

Do you have more tips to add to this list? Let us know in the comments below.
