Protect your employees, and your company, by following these tips for helping to prevent a social engineering attack. No matter how tight a security network is, hackers will exploit employees to execute a variety of hacking techniques and phishing scams via social engineering tactics. Remember to educate your employees on this important information.
- Never provide confidential information, data or credentials via email, chat messenger, phone or in person to an unknown source.
- If you receive an email with a link to an unknown site, DO NOT click it immediately. Review the URL to ensure it is not suspicious. Hackers can create emails that appear to have come from a known source but are not legitimate. If it looks fishy, it probably is!
- Before clicking on links in emails or on websites, look for misspellings, @ signs and suspicious sub-domains.
- Look out for uninitiated or automatic downloads when clicking on links. It could be malware piggybacking on your system. Report such activity immediately to your security manager.
- Follow ATE – AWARENESS, TRAINING and EDUCATION. No matter the level or position of an employee, all employees should be held to the same level of security awareness.
- Website administrators should regularly check for any private or confidential information that could have been inadvertently uploaded.
- Block USB devices in order to reduce the risk of baiting. Baiting is when an attacker tempts users with free or found USB drives and relies on their curiosity: if the device is plugged in, the attackers can access the network.
- Use two-factor authentication in order to make it difficult for hackers to enter your system.
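
The link-review tip above (misspellings, @ signs, suspicious sub-domains) can be automated for a mail gateway or a training exercise. The following is an added example, not part of the original tips; the trusted-domain list, the function names and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains your organization really uses (constructed sample values).
TRUSTED = ("example.com", "example-payroll.com")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss spellings of trusted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host: str) -> str:
    # Simplification: last two labels. Multi-part suffixes such as co.uk
    # need a public-suffix list, which this example leaves out.
    return ".".join(host.split(".")[-2:])

def review_link(url: str) -> list[str]:
    """Return the reasons a link deserves a closer look (empty list = none found)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    findings = []
    if parts.username is not None:
        # Text before '@' is login data; the browser connects to what follows it.
        findings.append(f"at-sign: real host is {host}")
    domain = registered_domain(host)
    if domain in TRUSTED:
        return findings
    for good in TRUSTED:
        if 0 < edit_distance(domain, good) <= 2:
            findings.append(f"misspelling: {domain} resembles {good}")
        brand = good.split(".")[0]
        if brand in host.split(".")[:-2]:
            # A trusted name used only as a sub-domain of someone else's domain.
            findings.append(f"subdomain: {brand} is a label under {domain}")
    return findings

if __name__ == "__main__":
    for sample in ("https://portal.example.com/hr",          # constructed samples
                   "https://example.com@login-check.test/",
                   "https://www.examp1e.com/reset",
                   "https://example.com.login-check.test/"):
        print(sample, "->", review_link(sample) or "no findings")
```

An empty result only means none of these three patterns matched; it does not make a link safe.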