To celebrate the release of two new cybersecurity Take 5 modules, Understanding Social Engineering and Phishing Awareness, we help you determine your company’s social engineering risk level.

Cybercrime is big business. Hacked or leaked datasets go for £1000s on the dark web’s black markets, and that’s just those containing names and email addresses. A recent McAfee report shows that more sensitive records – with addresses, passwords, national insurance numbers, bank or credit card details – are sold for upwards of £25 each.

This makes your business data a potentially lucrative target for cybercriminals – and with fines for data breaches soaring lately, you simply can’t ignore cybercrime risks.

When you think of cybersecurity, the first things that come to mind are probably hardware and software, and while it’s true that hackers would be quick to exploit any vulnerability found there, they have a far higher hit rate when focusing on exploiting people through social engineering.

Wondering if your organisation is at risk? Ask yourself the following questions to determine how well versed in social engineering your employees are…

Q: Would your employees download software, plug in USB sticks or insert DVDs without confirming they’re from a trustworthy source?

If yes, they’re at risk of baiting, a technique hackers use to trick people into downloading malware, which can then capture confidential information.

Q: Would employees verify their identities by providing sensitive information such as a password, date of birth or national insurance number over email, text or telephone in order to fix an urgent issue?

If yes, they’re at risk of phishing, which involves hackers using official-seeming communications to attempt to gain confidential information.

Q: Would employees question a communication that was personally directed to them and included details like their address, phone number or date of birth to back up its authenticity?

If yes, they’re at risk of spear phishing, a technique which targets individuals or organisations with tailored communications including personal information, often obtained via other social engineering techniques, in order to seem more trustworthy.

Q: Would employees challenge someone phoning them up from the bank, payroll, HR or the government and asking them to update their records?

If not, they’re at risk of pretexting, which is what it’s called when hackers pretend to be someone else in order to obtain information they can use to steal people’s identities.

Q: Would they try and fix their computer themselves if they received an error message telling them of issues with it?

If yes, they’re at risk of scareware, which displays an alert telling users they need to download software to fix issues. While there aren’t any issues to begin with, there certainly are once the ‘fix’ is downloaded.

Social engineering poses multiple risks, and hackers are always coming up with new techniques. To prevent your employees becoming victims, you need to increase awareness and create an alert, vigilant culture. Follow these steps to protect your business from social engineering:

    1. Install and regularly update antivirus software
    2. Install, configure and regularly update a firewall
    3. Make sure employees read all emails carefully before responding, especially those containing links or attachments
    4. Train employees to identify when a link is pointing to a different website from the one it should
    5. Ensure employees don’t click links or open attachments until they have confirmed they are safe
    6. Encourage employees to use search engines to access web links, rather than clicking them directly in emails
    7. Train employees to recognise falsified email addresses and verify emails by contacting the sender via their switchboard
    8. Make sure employees never give out financial or sensitive information over the phone
    9. Encourage them to ignore all requests for financial help or requests claiming they can help them financially
    10. Discourage them from sending sensitive information electronically without a secure connection, to a known person, using encryption where possible.

Following these steps will reduce the risk that social engineering poses to your organisation, as well as your employees.

DeltaNet

We now offer two new Take 5 micro-learning modules to protect your business from social engineering. Understanding Social Engineering provides awareness of the various techniques which put your organisation’s information at risk. Phishing Awareness goes into more detail about the various tactics hackers use to attempt to access confidential information that could be used to steal employees’ identities and compromise your data. Both modules feature an end-of-module assessment to test learners’ knowledge, and can be completed in just five minutes.

When annual refresher training time rolls around, you probably take it for granted that you’ll be hearing some of these common complaints:

  • “We’re too busy to complete mandatory training”
  • “The courses are too long and boring”
  • “We already know this information”
  • “It’s just a box ticking exercise to cover the company legally”

If any of these sound familiar, VinciWorks has the solution: Take 5 microlearning modules.

Our Take 5 modules are highly focused five-minute bursts of learning built around behaviours that meet mandatory training requirements without taking up learners’ time, or re-treading material they’re familiar with.

Take 5s pack a lot of punch despite their small size. Each course features explanatory videos, audio narration throughout, and high levels of interaction.

Want to find out more? We have seven new Take 5 modules available now:

Money Laundering Challenge – do your employees know the lengths people will go to make laundered money look legitimate? In this challenge, learners discover how Frank the Fraudster laundered his cash, and must confiscate the laundered money by answering questions correctly.

Gifts and Hospitality Challenge – do your employees know what gifts are acceptable and what could be seen as bribery? Learners follow the story as a potential supplier offers an employee corporate seats at a football match – but can they make the right choices and keep hold of their integrity handshakes?

Setting a Secure Password – do your employees know how to set a secure password? This module shows learners how to set a strong password, keep it secure, and keep hackers at bay.

Is Your Information Secure? – your workplace contains more information security risks than your employees might realise. In this challenge, learners must collect all 8 information security shields by successfully tracking down the risks in a virtual workplace.

Don’t Get Burnt – would your employees know how to get to safety in the event of a fire? In this challenge, learners evacuate a building that’s on fire, but must make the right decisions along the way to make it out with all of their safety tokens.

Working with Dual Screens – there are numerous benefits to using more than one monitor, but failing to set them up correctly increases risk of injury. Once completed, learners will know how to set screens to the same resolution and set up differently sized screens for safe dual screen working.

Fire – Can You Handle It? – would your employees know which type of extinguisher to use if they had to fight a fire? In this challenge, learners need to choose the right extinguisher to put out all four different types of fire.

The above Take 5 modules are available now as part of Compliance Essentials and Health and Safety Essentials. Get in touch today to arrange a demo.