Security researchers have revealed that social engineering is one of the most prevalent attacks against organisations and their network.  But what is social engineering, you might ask? How does it affect you and your business?  This post explores exactly that, and what you can do to protect yourself from falling victim to it.

To put it simply, social engineering is the psychological manipulation of people into divulging confidential information.  Unfortunately, and commonly, this confidential information includes usernames and passwords.  These could be for email addresses, bank accounts, or even a Hosted Desktop or network environments.  Typical tactics are to evoke, and take advantage of a potential victim’s emotional reactions. 

Examples could be:

• Receiving an email from a well-known company thanking you for a recent order.  You don’t remember making this order?  But there’s a receipt attachment, so you should open it and check it… right?  In reality, the attachment is a virus designed to steal logins and passwords from the user’s computer.
  
  
• Posing as a Director or Line Manager and asking for credit card details or for a payment to be made to a new account.  If your Manager has asked you to do it, then surely it must be ok?
  
  
• Asking you to verify or update your information or face suspension of a service.  For instance, saying that unless you verify your login details and security answers your email account will be deactivated within 24 hours.  Creating a sense of urgency and fear.

What are the facts?

• 31% of targeted attacks are at businesses of under 250 members of staff
• Social engineering is one of the most prevalent forms of attacks against these organisations
• 81% of security breaches are due to stolen or weak passwords
• 90% of employee passwords could be cracked within 6 hours
• 65% of people use the same password everywhere.
  

Protecting yourself and your business

Don’t keep your password written down on a piece of paper or post it on your desk.  Yes, we know that its long, full of strange characters, difficult to remember, and that Paul from Accounts does it, but it’s really best not to.

Be suspicious of any requests for information such as passwords or sensitive information.  This is especially true of requests via email or phone – more than likely, it’s not legitimate.

Keep devices up to date.  Set your anti-virus, spam filters and computer updates to auto-update.  At the very least you should manually update them regularly.

Implement two-factor authentication.  This adds another layer in the logging in process and protects you against stolen or fraudulently obtained login details.  Typically, this would require a code to be entered that is sent directly to the authorized user’s phone, or for them to confirm an alert sent to them regarding the login.

What are Cloud2Me doing to protect customers against Social Engineering?

That’s a great question, and one which we hoped you would ask!  We take the security of our customers very seriously.  We know that social engineering threats are on the increase, and to combat this, we are actively encouraging that our customers implement two-factor authorization.

This would mean, that even if a user fell foul of social engineering and unwittingly disclosed their login details to say, their Hosted Desktop, the sneaky social engineer wouldn’t be able to gain access.  This is because they wouldn’t be able to bypass the second level of the login without the user’s smartphone, which would be asking them “Is that you trying to login?”  Of course, it isn’t.

For more information on social engineering, or how we can make your hosted service more secure, contact us via info@cloud2me.co.uk or by calling us on 01737 304210.