This year, there are a lot of scary statistics related to social engineering fraud. A 2017 Federal Bureau of Investigation (FBI) Public Service Announcement stated that between January 2015 and December 2016 there was a 2,370 percent increase in identified exposed losses from social engineering.
You might have heard about this one: A couple of men walk into a business with fireman’s badges, walkie-talkies, proper identification, etc. They tell the receptionist at the front desk that they are there for a routine fire safety inspection. The receptionist lets them in because they look and play the part perfectly. The two men split up, seemingly conducting different parts of the fire inspection and return to the receptionist 15 minutes later, explaining they have completed their assessment. They walk out the door and are never seen again. Nothing to worry about, right?
Wrong. The employer has just been the victim of a well-thought-out social engineering scam. Days or weeks later, their computer system is compromised, customer credit card numbers are stolen and sales are dropping. So what happened?
Social engineering is the act of taking advantage of human behavior to commit a crime. Social engineers can gain access to buildings, computer systems and data simply by exploiting the weakest link in a security system — people. For example, social engineers could steal sensitive documents or place key loggers on employees’ computers at a bank — all while posing as fire inspectors from the nearby fire department as seen in the example above.
Social engineers don’t need to have expert knowledge of a company’s computer network to break into a business — all it takes is for one employee to give out a password or allow the engineers access to an area they shouldn’t be in.
If you can learn to identify the ways in which a social engineer might try to break into your business, you can stop a threat before it begins. Social engineers are masters at blending in. They research their target for weeks or even months, learning the smallest details to gain entry into a company. They are often sweet-talkers and their body posture lets others believe they belong.
Social engineers often work in groups of two. In the opening example, the two men split up to conduct a “fire inspection.” Keeping them together could have saved the company a lot of time and money. Make sure there are eyes on visitors at all times.
Being the victim of a social engineering scam can have a wide range of effects on your business including:
All these effects take a lot of time and money to reverse. Because humans are naturally trusting, it can be difficult to identify when we are being socially engineered. However, there are ways to prevent social engineering from potentially ruining your business:
Clear policies. There should be policies in place at your business that limit or eliminate the amount of sensitive information that is made available to your employees, customers or the general public. Never allow employees to give out passwords or credit card numbers over the phone. If this information is needed by another employee, meet face to face.
Social engineering can be a very effective way for a criminal to steal your digital assets, and organizations should do everything they can to protect them.
If you’re in the Milwaukee area, please join us for a half-day seminar on September 28, "Cybersecurity for Executives: What You Should Know and Do to Protect Your Company." If you're not able to attend this event, we still have you covered: Register for our November 30 webinar "Cyber crime and data breaches: Understanding the new risks of doing business in the digital age." To learn more about other resources and coverage options to protect your company against losses from social engineering, please contact us.
Jake Omann specializes in providing clients with risk management and executive risk services that cover their liabilities as a corporation, as well as the personal liabilities of their directors and officers. He started his career over 10 years ago in sales at a multinational financial services corporation before beginning his broker career in managing executive risk programs for Fortune 500 companies. Jake currently sits on the board for ACES for Kids.