Our last article on Social Engineering highlighted the various techniques social engineers use to maliciously gain access to personal information and commit fraud. Because social engineering attacks depend heavily on human error, preventing security breaches from such attacks is notoriously difficult: they are sophisticated and extremely hard to detect even with the most advanced security tools.
Nevertheless, we believe the primary measure to defend against social engineering attacks is to focus on Education, Training and Awareness (ETA) programs for your staff and the technology users in your organization.
Below are some tips we have curated from our various sensitization programmes on the different countermeasures that exist to stop social engineering attacks:
Do not publish more information than necessary about yourself or your business on social media (LinkedIn, Facebook, Twitter, Instagram, etc.), as such information can be used by a social engineer.
Be careful when using personal information in a public place, such as entering the password for an ATM, email or any other account, or having a conversation in person or on the phone, and make sure to log off from all accounts used in public areas (cybercafe, library, etc.).
Make sure to erase all data from magnetic media and shred all papers that contain personal information before they are placed in the trash.
Preventive measures at the Developing Relationship stage differ for direct-interaction and indirect-interaction attacks.
Do not add unknown persons to your network, and choose the privacy settings on social networking sites that provide the greatest security.
Be wary of and reject any offer or service from a suspicious person or company, and do not rush to open such mail, as it might contain a malicious program.
Checking the sender's email address before taking any action is highly recommended.
Avoid visiting suspicious sites, do not open email from unknown persons, do not share your password or system, log off all accounts when done, use strong passwords, and forward calls from outside.
Do not install unauthorized applications on mobile or computer devices, as they might contain malware.
Keeping software (antivirus, firewall, etc.) up to date is an effective way to prevent social engineering attacks, as a social engineer often seeks to identify unpatched, out-of-date software that the target is using.
Requests to hand over confidential or personal information over the phone, online or in person must be rejected unless the identity of the person asking for the information can be verified.
Individuals receiving calls or emails about winning a lottery should be aware that they cannot win a lottery or prize they never entered. When something looks too good to be true, it usually is.
Accounts and personal data should be monitored regularly so that you become aware of any attack.
Be suspicious of any email or SMS that creates a sense of emergency, such as a message stating that you will be arrested if tax is not paid immediately, or one telling a story that demands an urgent response.
Using two-factor authentication on your accounts keeps them protected even if login credentials are compromised.
Always use a different password for each service, and create strong, complex passwords so they cannot be guessed easily. Changing passwords frequently is highly advisable to mitigate social engineering attacks.
Lastly, some indirect human-interaction attacks can be detected by implementing tools such as:
an email gateway, used to filter out spam emails, which can reduce spam by up to 99.9%;
anti-phishing tools that connect to a blacklist database of phishing websites, which are useful in defending against phishing attacks;
robocall and spam-call blocking applications like Nomorobo, Hiya Caller ID and Block, RoboKiller, Truecaller, and YouMail Voicemail & Spam Block, which can be installed on individual mobile devices to block telemarketing calls.
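The cues listed above (checking the sender's address, urgency and lottery language, and a blacklist of phishing domains) can be combined into a simple triage score for incoming mail. The following Python is an added example, not code from this article or from any of the tools named; the blacklist entries and the three sample messages are constructed placeholders.

```python
import re
from urllib.parse import urlparse

URL_BLACKLIST = {"prize-claim.example", "tax-payment-now.example"}  # constructed placeholders, not real indicators
URGENCY_PHRASES = ("arrested", "immediately", "within 24 hours", "urgent")
LOTTERY_PHRASES = ("you have won", "lottery", "prize")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def parse_from(header):
    """Split 'Display Name <addr@domain>' into (display, addr); no brackets -> ('', header)."""
    m = re.match(r"\s*(.*?)\s*<([^>]+)>\s*$", header)
    if m:
        return m.group(1).strip('" '), m.group(2).strip()
    return "", header.strip()

def score_email(headers, body):
    """Return (score, reasons): one point per cue from the article that the message trips."""
    reasons = []
    display, addr = parse_from(headers.get("From", ""))
    real_domain = addr.rsplit("@", 1)[-1].lower()
    claimed = ADDR_RE.search(display)  # display name that looks like an address, e.g. "x@bank.example" <y@other.example>
    if claimed and claimed.group(1).lower() != real_domain:
        reasons.append("display name shows an address on a different domain than the real sender")
    text = body.lower()
    if any(p in text for p in URGENCY_PHRASES):
        reasons.append("urgency or threat language (arrest, pay immediately)")
    if any(p in text for p in LOTTERY_PHRASES):
        reasons.append("lottery or prize bait")
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host in URL_BLACKLIST:
            reasons.append(f"link to blacklisted domain {host}")
            break
    return len(reasons), reasons

# Constructed sample messages: two lures modelled on the article's examples and one benign notice.
SAMPLES = {
    "tax_scam": ({"From": '"revenue@tax.example" <noreply@mail-host.example>'},
                 "Final notice: pay the outstanding tax immediately or you will be arrested. Pay here: https://tax-payment-now.example/pay"),
    "lottery": ({"From": "Prize Desk <desk@prize-claim.example>"},
                "Congratulations, you have won the international lottery! Claim at https://prize-claim.example/claim"),
    "benign": ({"From": "IT Helpdesk <helpdesk@corp.example>"},
               "Reminder: the monthly patch window is Saturday. No action is needed."),
}

def triage(samples=SAMPLES, threshold=2):
    """Names of messages scoring at or above the threshold (candidates for quarantine and review)."""
    return sorted(n for n, (h, b) in samples.items() if score_email(h, b)[0] >= threshold)
```

A real gateway would layer these heuristics on authentication results (SPF, DKIM, DMARC) and a maintained blacklist; the scoring here only shows how the cues from the list above turn into a repeatable check.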
Training your team in safe behaviour on the internet, phone and computer is pivotal to mitigating cyber-attacks. Our team has a deep understanding of the IT security industry, strong technical competencies, and an outstanding track record in both the private and public sectors, with tested methodologies and best practices to protect our clients. We will be glad to help you mitigate social engineering, classify and protect your sensitive information, and handle the different social engineering attacks for you.
Reach out to us today via email: email@example.com or phone: 09 2911443