Ransomware, malware, and plain old-fashioned con-man-style trickery are very real threats that can keep business leaders up at night. While malicious software can cost your company millions and put a big old kink in your day, the truly dastardly foe in this equation is not the software but the delivery method, also known as a social engineering attack.
66% of malware came from malicious email attachments. – Verizon
Social engineering is when cyber criminals attempt to trick you into giving up personal information, such as a password or username, so that they can access your computer, network, servers, or even your physical building. Common forms of social engineering are phishing, or fraudulent emails designed to trick you into divulging personal data; baiting, which is when someone is enticed into providing information with a free offer, such as music, videos, or pictures; and spear phishing, which is a specific, targeted type of phishing that uses personal information to trick potential victims.
In years past, hackers relied on viruses and malicious code to gain entry into private systems, but with increased security practices being applied at every technical level these days, cyber criminals began to target a company’s weakest link – your employees. While usually innocent, employee mistakes are the number one cause of ransomware entering your network. Here are a few simple tests you can do to see how vulnerable your company might be to social engineering.
How young is your company?
By 2020, millennials will form 50% of the workforce, and if we have learned anything about millennials, it is that they are cloud-loving, tech-savvy rule breakers. According to Wired.com, 70% of millennials admitted to bringing outside applications into the enterprise in violation of IT policies. These outside applications are generally Software-as-a-Service applications, such as DropBox or Google Drive, which gives hackers a wider surface for accessing your data. The same Wired.com article also noted that 60% of millennials admitted to not being concerned about corporate security when they use personal apps over corporate apps.
65% of professionals identified phishing and social engineering as the biggest security threat to their organization. – TechBeacon
The battle against millennials is nothing new, and IT teams have to remember to work with these youngsters instead of against them. Make sure that corporate apps are state-of-the-art and user-friendly. Don’t give millennials an excuse to go rogue.
When was the last time you trained employees on security practices?
If the answer is never, then you may be in trouble. Many employee-caused security breaches are simple mistakes. Make sure that employees know about phishing and other forms of social engineering attacks. Even more importantly, make sure that they know how to avoid them.
How big is your company?
SMBs are at greater risk due to still-maturing security practices and a lack of awareness of security concerns. All businesses, including SMBs, need to avoid social engineering attacks by educating employees and installing cloud-based backups that can get you out of a jam quickly if you are indeed hit by ransomware.