March 08, 2016
Training employees to recognise social engineering dangers is one of the most important ways to protect confidential information in the workplace today.
Information thieves use social engineering such as email scams, phishing and pre-texting to trick people into giving out confidential information and/or installing malicious software.
Scams can occur over the telephone, but most frequently they arrive in a fake email.
Many data breaches are thought to have started with a simple social engineering scam.
According to Verizon’s 2015 Data Breach Investigation Report, phishing attacks have been a factor in more than two-thirds of cyber-espionage incidents for the past three years. The study showed that more than 23% of recipients open phishing emails while 11% open the attachments.
Globally, computers continue to be infected with malware at a high rate. The Anti-Phishing Working Group (APWG) reported that the global infection rate was around 33% for most of 2015.
For protection from email fraud, an organisation should have a comprehensive information security programme as well as technology that screens incoming email, such as firewalls, antivirus software and content filtering. There should be a multi-level approval process for any financial transfers. Some companies use social engineering phishing tests to identify workforce vulnerabilities and solutions.
Employee knowledge about social engineering scams is just as important as these other safeguards, because an employee who recognises a scam can simply delete or ignore it.
In security awareness training, teach employees about the risks involved in sharing personal and business information online. Knowing how to spot fake emails is also key. Workplace reminders (posters, notices in employee newsletters, etc.) will help to keep phishing awareness top-of-mind.
Here are some Social Engineering Red Flags to be aware of: