Social Engineering – When Nice Can Be Naughty
Recently, I had the pleasure of speaking at the Gifford School in Weston, Massachusetts on the topic of ‘Social Engineering.’ The Massachusetts Association of Approved Private Schools (maaps) put together this presentation for the MassTAC Technology group to discuss technology trends and issues within the private school environment. Last year, I focused my presentation on Cyber Risk Security and the best “bang for your buck” security controls.
Human error is by far the number one cause of cybersecurity incidents. It has been publicized that over 80% of reported incidents started with a user making a wrong move. This is where social engineering, the art of influencing others to take actions desired by the artist, plays a prominent role. The bad guys know which human weaknesses to exploit. They often play on our greed, pity, empathy and fear to make us take the bait and click that link.
The good news is that it is not too hard to decrease your organization's risk of becoming a victim of these social engineering attacks. Here are a handful of concepts that just might save you a lot of headaches in the future:
- Build and maintain awareness
- Foster a culture of security
- Write and enforce policies, procedures and scripts
- Test periodically
- Reward good behavior
- Maintain physical and IT security
If you feel as though your organization is not where it needs to be to protect your information and data, then it’s time for a conversation with our security experts.