According to Wikipedia, in the world of information security, social engineering is defined as “the psychological manipulation of people into performing actions or divulging confidential information.”
Whoa! “Psychological manipulation of people” sounds pretty darn serious.
If you’re like most folks, the first thing that comes to mind when someone talks about hacking or cybersecurity is the more covert actions unscrupulous individuals may take. You may think of someone tunneling his or her way into your network in the middle of the night to copy your data files or install programs that might track your keystrokes – or both.
This certainly still happens, but as most companies continue to improve their network security and the software manufacturers we rely on improve the security in their products, these actions are actually becoming more difficult for hackers.
It’s much easier for them to get an employee to just let them in.
Allowing a “person” access to a network computer via remote software bypasses most security protocols companies have in place, and there are scams that take advantage of this. When that “person” convinces an employee to do something that unwittingly helps a hacker, the security world calls it social engineering.
As a business owner or manager, I’ll bet your first thought is, “My folks would never do anything like that.” Unfortunately, it happens quite often. In the past month alone, we have worked with two different clients whose employees allowed a remote hacker to access their computers.
In both cases, a message popped up on the employee’s screen that the computer had a virus and he or she needed to call an 800 number immediately. When the employees called, they were told the “support agent” needed to be given remote access. Subsequently, the employee was provided instructions by the hacker on how to let them in.
In both cases, the scam was intended to steal money by having the vulnerable employees pay for some service or product. But keep in mind the remote agents could have very easily installed malware that could spread throughout the network.
While we like to think our employees would never do anything so obvious, the reality is these scammers are good at what they do. Remember the definition above – “psychological manipulation”?
They know how to convince unsuspecting employees to give them the information they’re seeking.
For example, they know most employees are embarrassed and ashamed when they get viruses on their computers. So when they see an opportunity to remove a virus without their boss or coworkers knowing, they will probably jump at it.
There are many types of these social engineering scams in which someone preys on an unsuspecting employee to gain access. The hacker could simply be after money or perhaps a contact list. But it could be worse.
Because of this, it is worth the effort to develop a training program to inform your employees about the possibility of hackers using them to gain access to the network. Simply making sure employees are comfortable reporting any suspicious issues they come across can make a difference. Defining who is authorized to work on a computer is also important. If you have a support company, make sure everyone is aware of the company contact information and only allow a technical support professional from that company to offer assistance.
For more information about security, please visit the US Computer Emergency Readiness Team website at www.us-cert.gov. They have a “Protect Your Workplace” campaign you can use for your organization. You may also ask your IT provider to assist with employee training.
Never underestimate the ability of skilled hackers to gain access to your information assets by targeting your employees. It happens every day.
There’s a reason why so many organizations look to Atlantic Computer Services for the IT support they need to grow their business, and that’s because ACS provides honest, reliable, knowledgeable and friendly service. The company's goal is to serve as a technology partner, offering solutions that are affordable, uncomplicated and in the best interest of each individual client. Learn more about ACS, its services and its people at www.acs-ilm.com or call (910) 799-6538.
Audrey Elsberry - Sep 22, 2023