Protecting Your Company From Social Engineering

Network security is important if you want your confidential data kept... well, confidential. No matter how tightly guarded your digital information is, whether through encryption or security protocols, vulnerabilities still exist. You may be surprised to know that most are typically of the human variety. In fact, social engineering, more often than not, is what makes or breaks a business’s network security.

If you want your company’s data to stay safe, I cannot stress this enough.

Social engineering is any attempt to persuade someone to do something that is in the persuader’s best interest. Everyone has used persuasion to gain something from another person, and social engineering works in much the same way. Smart hackers use it to obtain sensitive information in order to access critical systems, social networks, or databases.

People instinctively try to be helpful to each other when asked. Social engineers will use that behavior to their advantage. This is why all employees, especially those who deal with sensitive data, must be trained not only to be friendly and helpful, but also to recognize the line between helpfulness and unwittingly giving out valuable information.

Consider motives and use common sense

It is important that all employees use common sense when answering questions over the phone. Sales representatives should be trained to only answer questions about products and services. Office personnel should be given written instruction that details how information is shared and disseminated. It’s at these crucial junctions in the wheels of commerce that a crafty hacker will know how to gather the information needed to launch a successful attack or compromise.

Employees should consider the motives of the person they are speaking to. Use common sense. If someone asks a question that blatantly disregards company policy, this should be a red flag. Be sure to train employees on what questions may be used to infiltrate security, and advise them to seek a manager in those situations.

A sense of ownership

Instill a sense of ownership in everyone who works for you. All employees should feel a sense of ownership over private information within the company. They should understand that leaking important information will hurt not only the business, but them as well. In addition, if your industry handles sensitive data, employees should understand that they need to stay on top of security, whether at home or at the office. There is no reason why social engineers would not also target employees in their personal lives. It is just as easy to get office extensions as it is to get home telephone numbers.

Update passwords regularly

It’s always good practice to routinely change passwords to company accounts. It’s even more important to do so when employees leave the company, whether on good terms or not. You need to keep internal security as tight as possible, so any time an employee with certain access levels leaves, it is a good idea to update your passwords. A better solution is assigning unique passwords to each employee.

Company policy should protect information

Business owners need to understand that no matter how much effort is put into stressing the importance of security, individuals will unknowingly leak information, especially in businesses where there are over 100 employees. So the best way to keep data safe is by implementing strict company policies on information exchange.

For instance, require all inquiries to be answered through e-mail by not just one individual, but a team who will carefully consider the implications of releasing such information. When in doubt, employees should always seek a manager.

A good rule of thumb would be to allow only a minimum number of employees access to sensitive information, and these employees should be carefully selected.

All in all, you should never easily dismiss social engineering. Don’t think it can happen to you? It worked on Walmart. And the entire conversation was broadcast to the entire Defcon conference in Las Vegas.

