WELCOME HOME, MALWARE
TIME TO MAKE YOURSELF AT HOME
Human manipulation fuels social engineering techniques, and basic security measures, like anti-virus software, often can’t prevent innocent behaviors, like trust, from compromising your data. Hackers frequently penetrate corporate networks because employees open the door. Necessary to break the trust-manipulation cycle, advanced security solutions can detect, and even predict, social actions that lead to system infiltration. Advanced attacks that use subtle social engineering techniques often come and go without a trace, so how do you prevent sophisticated attackers from making themselves at home in your business?
A hacker’s “Welcome Home” sign might be on an open Wi-Fi network, or it might be on your personal computer, or even your phone. A social engineering attack taps into your life in a way that can feel “like home” to you. Soon, the person you trust takes over your “house” of data, and this can be at both home-life and corporate-life levels, at the same moment, since you might integrate work and home through the use of your mobile phone, laptop, smart watch, tablet (maybe even through a Wi-Fi enabled coffeemaker).
If you leave your doors unlocked, people might crash in your digital living room even while your computer is sleeping. If you have dozens or hundreds of employees, each human presents at least one door to your data. Multiply this by the average number of devices employees utilize for work optimization (desktops, laptops, mobile phones, tablets, smart televisions), and you’ll see that your business has hundreds of thousands of access points.
Businesses naturally have an “open door” culture. You want new clients. You want good growth and reputation to result from your offerings, and this means you have to interact with strangers on a daily basis. Stranger danger? Not if that stranger has the potential to become a favorite customer. This is why it’s critical to understand the nuances of social engineering techniques (or partner with a managed IT team that does).
Because companies leave their virtual doors open, they attract attacks that utilize simple social engineering strategies (no hacking genius required). Detecting these nefarious online behaviors often takes advanced cyber analytics, and preventing data breaches begins with training based on what is known about these cyberattack strategies.
Here are 3 ways hackers let themselves in and make themselves at home in your network:
32% of security breaches begin with phishing attacks. If someone knows your email address, then you can receive a phishing email. How do you prevent these attacks when you’re a business owner constantly giving your email address to strangers? If you do any of the following behaviors, you’re at increased risk of a phishing attack:
- You exchange business cards at conferences, trade shows and other social gatherings.
- You publish your contact information on your website or on online social networking pages.
- You use email to communicate with your employees, partners, customers and potential clients.
- You respond to emails quickly, often overlooking small details in the delivery structure.
Save money. Save time. Download free software. Fill in a form or upload your business card and get free information. The bliss of the internet is free exchange. You can hop from one website to another, learning for free and networking for free, all from the comfort of your sofa, saving time and travel expense. Sadly, the risk of “free” malware comes with every exchange that happens in our connected online world. If you do any of the following online activities, you’re at increased risk of a social engineering attack:
- You skip the fine print and click the download button before reviewing terms, agreements and privacy policies.
- You see a website you like with content you want, so you freely give your name, address, phone number, and maybe even your employment information, in exchange for a download.
- You download free apps and sign up for free trials.
Hackers often look over your shoulder to get the information they need to access your data. You might be at a coffeeshop talking to a friend while your unlocked phone sits cup-side. Maybe your phone is also on open Wi-Fi, leaving multiple open doors into your private life. E-espionage often happens at the places you love — your favorite deli, your downtown square — tranquil places, where you don’t feel a sense of vigilance. You are at risk of becoming a social engineering attack victim if you do any of the following activities:
- You leave your laptop, phone, or tablet on the table when you see your friend in line at the coffeehouse and get up to say hello.
- You turn password access off on your phone so that you don’t have to unlock it later.
- You use public Wi-Fi networks.
- You have the same password for multiple accounts so that you’ll always remember your login credentials.
If you got through these lists without a hitch, then you’ve taken the right steps to prevent social engineering techniques from ruining your life with ransomware. Unfortunately, the hackers could still carry you over your own threshold. Why? Because as soon as you add coworkers or friends to your contact list, and as soon as you begin to communicate using your devices, you introduce new risks.