What is Social Engineering, and how can it negatively affect your business?
It’s no secret that the internet makes modern life much more convenient, but with all that convenience, comes a substantial risk to your sensitive personal and business information. When you think of online threats, the image of a lone computer hacker sitting in a dark room frantically typing probably comes to mind. The new reality, however, is that these kinds of threats to your information are much more ominous, because they are becoming much more social and difficult to recognize.
The term “Social Engineering” refers to all the tactics someone might use to gain personal information. Simply put, it’s a social interaction that is completely orchestrated to make you feel safe enough to divulge some kind of personal information, often without you even realizing that’s precisely what you’ve done.
In his book Social Engineering: The Science of Human Hacking, Christopher J.Hadnagy recounts a story of an internet blogger and researcher who wanted to see if she could locate the social media accounts for former FBI Director James Comey. Obviously, and individual at this level is going to be extremely cautious with their social media usage, if they’re using social media at all. It’s not like you can just search the name of the FBI Director and find out everything you want to know about him, right?
With the tiniest bit of information, this researcher was able to find seven social media accounts linked to James Comey. How? First, she searched and located Tweets by other people congratulating James on his promotion to FBI head. The names of those Tweeters lead her to Instagram, where she identified Comey’s family members. She then noticed Comey’s family members had one follower in common, called “reinholdniedbuhr.” A quick google search confirmed that Comey wrote about Reinhold Niebuhr as his thesis, which then confirmed seven social media accounts using that name as belonging to James Comey. If the Director of the FBI was that easy for a stranger to find, how secure are you?
WHO IS MOST AT RISK FOR THIS KIND OF ATTACK?
Frankly, everyone, and here’s why. While the ultimate target of socially engineered attacks are generally high worth individuals and high-level leaders, anybody connected to those people in any way also becomes a target. Let’s say you own a highly successful business. You might be hypervigilant about protecting your personal information, but what about everyone else around you? If one of your high-level employees strikes up a conversation at the local bar after work with a similarly dressed stranger, what might they unwittingly divulge once they feel comfortable in that interaction? Maybe you’re not on social media at all, but if your kid is posting selfies from their bedroom and the location information isn’t disabled from their photos, the whole internet now knows where you live. With just a few bits of data, a whole world of information can be found about you.
what can you do about it?
Thankfully, there are lots of different ways to protect yourself. Traditional measures like firewalls, anti-spam filters, anti-virus and the like are always a good start. Being mindful of what you share on social media is also extremely important. Commenting with your answer on a seemingly innocent post that asks “What was the name of the street you grew up on?” might seem like no big deal, but you’ve likely just divulged an answer to a security question you’ve set up somewhere. Remember that even the smallest, most seemingly mundane bit of information can be used to gather a whole host of information about you. And finally, and possible most importantly, train and educate those around you. Security and social engineering training with your employees can prove to be one of the most invaluable things you can do to protect yourself. Securing your information goes far beyond just you.
want to better protect yourself, but not sure where to start?
We can help! At Single Point Technologies, we understand the devastating impact these kinds of threats pose, and we’re dedicated to partnering with our clients to keep them safe and to keep their sensitive information secure. We offer our clients a comprehensive and ongoing service strategy that spans from utilizing the right technology to keep your information safe, all the way to training your staff and even your family on all the ways information can be inadvertently leaked. We’re here to keep you secure, so you can focus on everything else.
Want more information? Contact us today to chat about what we can do for you.
FEEL FREE TO DROP US A LINE.