Social Engineering: Protecting Yourself – D.K. Stepanko

This is the last of a three-part series about Social Engineering and the Human Firewall. In this post, I will write about measures you can take to try to prevent yourself from becoming another potential headline.
Part I of this series can be found here.
Part II can be found here.

Protecting Yourself Against Social Engineering

The hardest thing about protecting against Social Engineering is questioning everything. We all want to wear the rose-coloured glasses and assume that everyone is good natured and not out to cause trouble. Sadly, this may not always be the case.

Over the past year, F12 Networks has been putting security measures into place, both to reduce the chance of a breach and to stay compliant with the industry certifications we have attained. To name a few:

  • All visitors must be checked into our reservation system, wear an ID badge, and be accompanied by their host at all times
  • The front desk is staffed at all times to greet visitors
  • Screen-lock timers are mandatory on every computer, and staff and users are taught to lock their computer before leaving their desk

As I mentioned in the previous article, Social Engineers are after information that you may not consider important but that gives them an advantage when they attempt to cause a breach.

Some tips to help protect yourself against Social Engineering:

  • Educate yourself – Learn about the types of attacks that are happening
  • Be aware of the information you’re releasing – Does the caller really need to know who your HVAC company is? Who your janitors are? When key individuals are away?
  • Ask your manager/superior – If you’re not sure whether you should be giving out some piece of information, ask! We all want to be helpful, but that is exactly what Social Engineers prey on. A fresh perspective can be a helpful thing!

Protecting Against Phishing/Spear Phishing

This comes down to good internet and email habits. The single most useful habit is to hover your mouse over any link in an email before clicking it: the email client or browser will show the link's actual destination, usually in a tooltip or in the status bar at the bottom of the window. Does it match what the link text says? If the text reads www.facebook.com but the destination is somewhere else, the link is almost certainly taking you to a site set up to harvest your information. Read the destination carefully, too: the domain that matters is the host name between the :// and the next /, and a host that merely contains the word facebook (facebook.com.some-other-site.net, for example) is not Facebook. On a phone there is no hover, so press and hold the link to preview its destination instead.

Here are some other Red Flags you should look out for:

  • Do you know the person who sent it to you? Do you have a previously-existing business or personal relationship with them?
  • Is the subject line relevant to the body of the email? Is the email a reply to something you never sent or requested?
  • How are the spelling and grammar of the email? Are they out of the ordinary for someone you have communicated with before? Is a familiar domain name misspelled in the sender's address (a letter swapped, doubled, or replaced by a digit, for instance)?
  • What time was the email sent? Does your CEO/manager/colleague normally send emails at 3 in the morning?
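The hover-and-compare habit and the red flags above can be turned into an automated first pass over a message. The following is an added example, not code from the original post, F12 Networks or KnowBe4: a Python script that reads one raw email and reports the same red flags a careful reader would look for, namely link text that names one site while the href points at another, look-alike domains in links and in the sender address, a "Re:" subject with no thread headers behind it, and a send time outside working hours. The TRUSTED_DOMAINS set, the BUSINESS_HOURS range and both sample messages are constructed assumptions for the demonstration.

```python
"""Heuristic phishing red-flag checks on one raw email (added example; assumptions marked)."""
import email
import re
from email import policy
from email.utils import parseaddr, parsedate_to_datetime
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"facebook.com", "microsoft.com", "f12.net"}  # assumption: brands you care about
BUSINESS_HOURS = range(6, 22)  # assumption: 06:00-21:59 in the sender's own time zone
# Good enough for a demo; a real filter should use an HTML parser rather than a regex.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")

def host_of(text):
    """Host named by a URL or a bare name like www.facebook.com, else None."""
    try:
        host = urlparse(text if "://" in text else "http://" + text).hostname
    except ValueError:
        return None
    return host.lower() if host and "." in host else None

def registrable_domain(host):
    """Crude last-two-labels rule; production code should use the public suffix list."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings such as faceb00k.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host):
    """Trusted domain that `host` imitates, or None if host is trusted or unrelated."""
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return None
    label = reg.split(".")[0]
    for trusted in sorted(TRUSTED_DOMAINS):
        brand = trusted.split(".")[0]
        if brand in host.lower().split("."):  # brand buried in another host: facebook.com.evil.net
            return trusted
        if len(brand) >= 5 and edit_distance(label, brand) <= 2:  # faceb00k.com, mircosoft.com
            return trusted
    return None

def links_in(html):
    """(href, visible text) for each anchor in an HTML body."""
    return [(href, TAG_RE.sub("", text).strip()) for href, text in ANCHOR_RE.findall(html)]

def check_message(raw):
    """Return (code, detail) red flags for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags = []
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if sender_domain and (imitated := lookalike_of(sender_domain)):
        flags.append(("LOOKALIKE_SENDER", f"{sender_domain} resembles {imitated}"))
    subject = str(msg.get("Subject", ""))
    if subject.lower().startswith("re:") and not (msg.get("In-Reply-To") or msg.get("References")):
        flags.append(("FAKE_REPLY", subject))  # a reply to a thread you never started
    if msg.get("Date"):
        sent = parsedate_to_datetime(str(msg["Date"]))
        if sent.hour not in BUSINESS_HOURS:
            flags.append(("ODD_HOUR", sent.strftime("%H:%M %z")))
    body = msg.get_body(preferencelist=("html",))
    for href, text in (links_in(body.get_content()) if body is not None else []):
        target, shown = host_of(href), host_of(text)
        if target and shown and registrable_domain(target) != registrable_domain(shown):
            flags.append(("LINK_MISMATCH", f"text says {shown} but href goes to {target}"))
        if target and (imitated := lookalike_of(target)):
            flags.append(("LOOKALIKE_LINK", f"{target} resembles {imitated}"))
    return flags

# Constructed sample messages for the demo (not real mail).
SAMPLE_PHISH = b"""\
From: "Facebook Security" <security@faceb00k.com>
Subject: Re: Your account will be suspended
Date: Tue, 12 Jul 2016 03:07:00 -0600
Content-Type: text/html; charset="utf-8"

<p>Please verify at <a href="http://facebook.com.verify-now.net/login">www.facebook.com</a> today.</p>
"""
SAMPLE_LEGIT = b"""\
From: "Jane Colleague" <jane@f12.net>
Subject: Lunch on Thursday?
Date: Tue, 12 Jul 2016 10:15:00 -0600
Content-Type: text/html; charset="utf-8"

<p>Menu is at <a href="https://www.f12.net/lunch">www.f12.net</a>.</p>
"""

if __name__ == "__main__":
    for code, detail in check_message(SAMPLE_PHISH):
        print(f"{code}: {detail}")
```

Run it as a script to see the flags raised for the constructed phishing sample; the legitimate sample raises none. Two caveats: the last-two-labels rule for the registrable domain is wrong for registries such as co.uk, so real tooling should consult the public suffix list, and the output is a prompt to look closer rather than a verdict, because a genuine colleague does occasionally send mail at 3 in the morning.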

We, the end users, are the last line of defense, and where Social Engineering is concerned the most important one. There are companies out there making big money selling Security Awareness Training to end users.

I’ve borrowed a lot of information from one of them. The company is known as KnowBe4 and their website contains a wealth of information on Social Engineering and Security Awareness if you would like to know more.

Note: KnowBe4 is not affiliated with F12 Networks in any way.

The discussions that I have had with my fellow Networkers and clients have been eye opening and enlightening. I’m sure my conversations on this topic won’t be stopping anytime soon; feel free to reach out if you’d like to get involved in them.

D.K. Stepanko
Advanced Computing

 
