Don’t Become a Victim of Social Engineering

Social EngineeringYou can have the best in computer and network security but if you or one of your staff members inadvertently give out some information all the security can come to nought.

Social engineering is the art of manipulating other people to take certain actions or divulge private information. Some hackers use social engineers techniques and skip the hassle of writing code and go straight for the weakest link in your security defenses – you and your employees. A seemingly innocent phone call or email may be all it takes to gain access to your computer systems, despite having solid software and hardware protections in place.

Here are a few ways on how social engineers work:

Email: Pretending to be a co-worker, supplier or customer who needs a simple piece of information. It could be a money transfer, contact person or some sort of personal details that they pretend they already know, but simply don’t have in front of them. The hacker may also create a sense of urgency or indicate fear that they’ll get in trouble without this information. Your employee is naturally inclined to help and quickly responds with a reply.

Phone: Posing as IT support, government official or even a customer, the hacker can manipulate your employee into changing a password or giving out information. These attacks are hard to identify and the hacker can be very persuasive, even using background sound effects like a crying baby or call-center noise to trigger empathy or trust.

In person: A person in uniform or a repairman can easily get past most people without question. The social engineer can then quickly move into sensitive areas of your business. Once inside, they become invisible and are free to install network listening devices, read a Post-it note listing passwords or gain information and tamper with your business in other ways.

It’s impossible to predict when and where (or how) a social engineer will strike. The above attacks aren’t particularly sophisticated but can be extremely effective. Your staff have been trained to be helpful, but this can also be a weakness.

So what can you do to protect your business? First, recognize that not all of your employees have the same level of interaction with people, the front desk person taking calls and welcoming visitors is at higher risk than the back office or factory worker. We recommend cyber-security training for each level of risk identified and focus on responding to the types of scenarios like those listed above. Social engineering is too dangerous to take lightly.

Talk to us about your cyber security options today. Call us at 08 8326 4364 or at support@dpcomputing.com.au

How To Stay Cyber Safe When Travelling

Mobile Cyber SecurityWith cloud computing people are embracing the flexibility of working away from the office (whether at home or travelling) and working by simply accessing the relevant data or applications via the internet..

When in the office, you are protected by professionally designed firewalls, security infrastructure, and robust software. As soon as you step away from that network those protections disappear and leave your device and the data inside at greater risk.

Cyber attackers love to collect any data they can obtain – business or personal doesn’t matter to them as it can all be sold. These days the information stored on your device can be worth much more than the actual device.

Here are 3 ways a hacker may attack:

Random Opportunity: If you have left your laptop at a café or a thief has stolen the phone from your pocket, the outcome is the same – that device is gone. Hackers take any opportunity they can to gain access to a device: including taking them from hotel rooms and even asking to ‘borrow’ them for a few minutes – if they don’t steal it the device is handed back laden with spyware.

Creating a fake Wi-Fi Hotspot: We’ve all come to expect free Wi-Fi networks wherever we go. Hackers though will take advantage of this to create their own free, unsecure network just waiting for someone to connect. Once a user is connected a hacker can  grab any unsecured passwords sent across the network.

Intercepting an Unsecure Network: Hackers don’t even need to own the Wi-Fi network to steal content from it. Data traveling across an unsecure network is visible and available to anyone with the right software.

Don’t let these issues stop you using the Internet when out side the office. Just take the following precautions to increase your cyber safety and help protect your valuable data:

  1. Regularly make backups: In the event your device is lost or damaged, you’ll be able to replace the device with a new one and quickly restore all the data from a backup, all with minimal downtime.
  2. Be careful when using public Wi-Fi: Don’t use passwords or email when on a public network. Use a VPN or a 4G connection (ie tether your computer to your phones data connection) when you are accessing sensitive data or logging in to secure sites.
  3. Use passwords and encryption: At a minimum, make sure your device is password protected and has full drive encryption. With a password and drive encryption even if your storage drive is removed from the device the contents are inaccessible.
  4. Act fast after loss: If your device is lost or stolen, immediately notify the appropriate companies and people. This might include your IT provider so they can change passwords, your bank and any other financial institutions so they can lock down accounts, and any staff who need to be aware of the breach so they aren’t tricked into allowing further breaches.

If you need further help with mobile cyber security contact us on (08) 8326 4364 or on support@dpcomputing.com.au.