The biggest risk for any organization getting hacked is neither the firewall nor the server. It is another problem altogether: Social engineering. Social engineering is when employees inadvertently (or out of malice) give cyber thieves sensitive corporate or client information. Let’s review some of the socially engineered pitfalls that occur all too often:
- Public Wi-Fi is to your computer network as Kryptonite is to Superman or garlic is to a vampire. Unless you are sending out information that is encrypted via a secured site, never conduct any business from an unsecured Wi-Fi hotspot.
- Public places are where you need to be extra-private. Never leave documents, especially any with links to your organization, unattended. A laptop in a coffee shop left open while you refill your cup with your back turned is all a cyber thief needs to get going. Moreover, the phone conversations you conduct in the airport — giving your assistant your email password so she can access a file, for example — also can be dangerous. If an opportunist who overheard you later started making conversation with you and traded business cards, you’re basically giving him your username and company along with the password.
- “Visual Trespass” is the practice of someone in any public space “looking over your shoulder,” viewing your computer screen. For example: Alison, the head of tax and audit for a publicly traded company, was traveling and noticed a stranger trying to observe her computer screen in an airport while she was working on her corporation’s soon-to-be-public 10-K filing. While the stranger may have been rude (and not a cyber thief), the person working on those financials was misguided and careless.
- Phishing continues to be an issue. Remember those emails we once received from Nigeria, Lithuania or Romania that named us as the heirs to great fortunes? Since then, phishing schemes have become so sophisticated that we believe the email comes from our bosses, a supplier or a nonprofit we might support. The links in the email typically lead to malware that can infect the entire network and grab important files. Don’t fall for it. When in doubt, always verify. An interesting fact: Millennials are more prone to falling for phishing than older employees. Overfamiliarity with, and blind trust of, technology can be dangerous.
- Vindictiveness can wreak havoc on your data unless you protect your systems from employees immediately upon termination. Have a plan in place so the recently fired sales executive can’t walk to your competitor with your latest leads or biggest accounts.
- Vendors can inadvertently pose a threat to your system. Many cyber thieves have successfully snuck in through a back door by going through the networks of a related supplier. If your network is secure, but your vendors have cyber security that is more like Swiss cheese, it can potentially create a huge vulnerability in your network.
Clinton Henry is an international speaker and consultant for cyber security and identity theft. Based in San Francisco, he may be reached at clinton@clintonhenry.com.