Cybersecurity in the Ballot Box, the Bistro and the Bedroom
October is National Cybersecurity Awareness Month, a time when organizations across America join together to educate the public about cyberthreats like social engineering (especially phishing attacks). This year, it’s also the last full month to decide your vote for the 2020 election. As citizens consider the future of our country, we see the tech giants coming together to prevent election crime, while tech users struggle to keep up with device security. With online fraud on the rise, how do you know your business is protected from a cyberattack, especially when considering advanced techniques like social engineering?
National Cybersecurity Month comes to us from organizations that promote assertiveness, rather than paranoia. We don’t have to be afraid of our connectivity or our devices. On the contrary, we need to embrace them holistically and attentively (and with a little help from the cybersecurity experts).
How to stop social engineering attacks at work and at home
Do Your Part. #BeCyberSmart.
Home Connectivity: This week’s cybersecurity awareness theme is “Securing Devices at Home and Work.” When reviewing the year, did you spend time working from home? Did you have children suddenly in Zoom classes, rather than in a traditional classroom? Did you have the resources you need (virus, malware, and ransomware protection) to stay safe online?
Business Technology: Your business couldn’t operate without digital interactions with devices outside of your office walls. Furthermore, your business can’t operate without a dedicated plan for protecting employee and customer data. How do hackers get into your system? Common external penetration methods include baiting, phishing, and spear phishing.
Baiting: Curiosity killed the network
First of all, baiting attacks can begin with hardware or with software. For example, a hacker can leave a corrupted flash drive on your desk, and the attack begins with the physical action of a user plugging it into a laptop and then clicking through files that install malware throughout the system. Stopping this social engineering technique before it harms your business begins with employee cybersecurity awareness training.
October is a perfect month for bringing in external cybersecurity resources to help bolster your team. To begin, we can provide system assessments that surface hacker access points. Then, our engineers can test your users. For example, our security technicians can engineer a scareware drill to make users think they’re clicking to patch, when really they’re getting tricked into a click. If your employees understand the various forms of baiting, then you can prevent a data breach.
Phishing: The one that got away
Did you ever see a prompt to “click here” or “download now” from an email that was obviously fake? In the past, phishing emails were more obvious. A strange font or a missing signature was clue enough. Unfortunately, advanced social engineering technology now lets a cybercriminal mimic a real user’s software behaviors.
Because phishing is the most common social engineering tactic, NIST recently developed the Phish Scale, a cybersecurity tool that helps businesses surface network vulnerabilities by assessing cues, click rates, and user interactions in regard to phishing email difficulty levels. This new method of testing phishing attempts assists cybersecurity experts by evaluating spoofed emails through advanced data analysis. CIOs, CISOs, and other technology experts can use this tool to optimize phishing awareness and training programs.
Spear Phishing: In IT together
Often, a phishing email comes to your inbox addressed specifically to you but without any personal information in its content. Therefore, signs of imitation are easier to spot. A “click to download” prompt causes hesitancy when the email comes with a generic invitation.
When an email comes through with more personalized data, like a personal email signature or an attached thread of coworkers, it can trick you into thinking the sender is legit. In this case, a hacker follows the digital footprints of a user and engineers that data to create a personalized phishing attack. Think of this as the Shakespeare of social engineering, and the play is written for you and with you as the inspiration.
When organizations create security strategies in an effort to prevent social engineering attacks, phishing prevention is always a sign of a thorough plan. When considering phishing emails, keep in mind that malware can stay undetected in a system for months before the IT department discovers the penetration. Spear phishing can introduce stealthy malware that quickly infects an entire network.
Vote to Stop Cybercrime
At EstesGroup, we know how to stop social engineering attacks from harming your business. Furthermore, we know how to take the worry out of IT (with managed IT). Protecting everything from saved credentials to individual clicks, our cybersecurity experts defend your business while you do the work you love. Do your coworkers need practice in recognizing the fraudulent behaviors fueling social engineering attacks? October is a perfect month to initiate new security policies and procedures, and to test your cybersecurity plan.
EstesGroup is a 2020 National Cybersecurity Awareness Month Champion. We provide the most secure cloud solutions available to businesses. Read more about National Cybersecurity Month at the National Cyber Security Alliance (NCSA) or at the Cybersecurity & Infrastructure Security Agency (CISA).