Social Engineering: Recognizing an Attack

In the world of computer security, the term “social engineering” refers to tricking someone into revealing information that’s useful to attackers, such as a password.

Experts agree that in most successful cyber-attacks, the human factor is the weak link. Social engineers are merely con artists – often very good ones – who use their powers of persuasion to get victims to act against their own better judgment.

Here are some tips to make sure you don’t fall for social engineering and endanger proprietary company information.

Protect your password. The single most common social engineering attack is a phone call requesting your computer password. The caller confidently says he’s a help-desk technician or a member of the IT staff. He may speak some gobbledygook about why your password is needed immediately. Don’t fall for it! The attacker is hoping that the tech jargon and businesslike tone will buffalo you into doing what you know you shouldn’t: telling your precious password to a complete stranger.

Badger for badges. Brazen social engineers often walk right into facilities to do a little “dumpster diving” (searching trash cans for valuable information), or to pose as IT workers. If employees and visitors in your building are required to wear ID badges or display key cards, it is your responsibility to challenge strangers for appropriate identification. This is not easy for most people, as it is a confrontation that can potentially be unpleasant – but remember, the attackers are counting on your hesitance!

Common sense prevails. The rule of thumb for preventing successful social-engineering attacks is simple but requires nerve, experts say: don’t do things that make you vaguely uncomfortable, or which deep down you know you shouldn’t do. Remember, your company is counting on you to safeguard data.

© National Security Institute, Inc.