Social Engineering

Cyber-security risk has been rising for years, but the ongoing Coronavirus pandemic has seen cyber-attacks increase significantly. The sudden imposition of working from home meant many organisations did not necessarily have time to implement the right frameworks, including employee education to prevent a breach of security. In particular, social engineering is a subject of increasing importance in the UK, and we are seeing an ever-increasing number of victims. This article provides some guidance on how to minimise the risk of falling victim to a social engineering scam.

What Is Social Engineering?

Social engineering is a non-technical strategy used by cyber criminals that relies heavily on human manipulation and ultimately results in people breaking standard security practices. The attacker must be able to manipulate victims into performing certain actions or providing confidential information, whether through persuasion, impersonation or even intimidation.

Social engineering differs from traditional hacking in that the attacks can be non-technical and do not rely on the compromise or exploitation of software or systems. In fact, in many social engineering cases, the attacker is able to gain lawful, authorised access to confidential information.

Such scams can take the form of phishing emails, fraudulent online offers, prizes, or telephone scams. The problem is that these scams are getting harder for people to identify.

Social Engineering During COVID-19

As you would expect, most employees working remotely do not have the same level of cyber-security in their homes as an employer has in the office. As a result, cyber attacks are increasing. In fact, many opportunist cyber criminals are even using COVID-19 as a subject matter for their scams. In addition, attackers are using phishing emails to manipulate recipients into revealing sensitive information by preying on people’s fear or apprehension related to COVID-19.

With that in mind, it is more important than ever to take cyber security seriously and educate employees on the rising threat of social engineering.

COVID-19 related scams are coming in thick and fast, from the promise of free food coupons (preying on people’s financial distress) to coronavirus infection rate maps preloaded with malware. In the latter example, the attacker simply sends an email to a victim in the expectation that their desire to obtain the most up-to-date information will lead them to open the file without considering the risks.

Another example is a cyber attack that targeted Italian email addresses with a phishing email. The email included an attachment purporting to be from the ‘World Health Organization’ (WHO) with advice pertaining to the prevention of COVID-19. However, this of course was not from WHO, and when the attachment was opened, malicious software was installed on the user’s device. This in turn provided cyber-criminals with access to confidential information and even the opportunity to install more malware.

How to Minimise the Risk of Cyber Attacks

COVID-19 has brought technology forward years in just a matter of months. Everyone is online, and, just as importantly, everyone is willing to use this for any part of their lives. Work is no exception. As a result, there are far more opportunities and potential exposures to an organisation’s network and data. It is essential that businesses take the time to assess and address potential cyber threats.

Precautionary measures include:

  • Providing formal training on the prevention of cyber-attacks and educating employees to enable them to recognise and identify potential threats.
  • Advising employees against opening or downloading files they don’t know.
  • Limiting employees’ ability to access USB ports on company equipment. This reduces the risk of exposure to viruses or malware.
  • Enabling multi-factor authentication as this adds an additional layer of protection should a password be compromised.
  • Ensuring sensitive information can only be accessed by those who need it, thereby reducing the number of people who can fall victim to an attack.
  • Taking out cyber and data breach insurance to protect your business should an attack occur.

Whilst risks can be reduced by robust frameworks, policies and procedures, the increasing sophistication of scams means attackers can often still manipulate employees and even systems. As a result, risks cannot be totally eliminated. A comprehensive insurance policy can provide invaluable protection and support in the event of a cyber attack.

To find out more about protecting your organisation from social engineering attacks and implementing an effective cyber security insurance plan, please contact us today on 01384 442 165.