Appeal to Human Nature to Prevent Cybersecurity Breaches

Phishing is one of the most common ways hackers use social engineering to gain access to your data and systems. Learn how to incentivize workers to stay secure.

Employees are in the spotlight today … and not in a good way.

Employees are increasingly the target of cyberattackers who recognize the vulnerabilities that can be exploited by targeting people, not systems. Increasingly, hackers are using social engineering (the manipulation of people so they give up passwords, credit card numbers or other sensitive information that can lead to system take-downs systems stolen data) to commit their crimes.

“Hackers have switched their game plan. Instead of trying to take down firewalls, they’re targeting employees,” notes the recent Cybersecurity Insight Report by CDW. “By using social engineering and simple phishing schemes to breach a company, they’ve discovered a low-tech, albeit very powerful way, to infiltrate networks.”

What Is Social Engineering?

Social engineering is a way hackers prey on human emotions and innate desire to trust another person. The consequences of this trust can be the infiltration of systems. Here are several examples of phishing attacks, one of the most common social engineering tactics:

  • An email claiming to be from a corporate help desk asking an employee to change their password, citing an urgent threat
  • A request from a supervisor to assist with a special project
  • An email labeled Confidential asking an employee to review a memo about raises, a sensitive customer issue or a safety matter

The common thread? A desire to do right by the employer, supervisor or coworker. The common approach? Asking an employee to take action — clicking on an attachment, going to a website and/or sharing access information.

Employees who fall for these ruses end up providing hackers with valuable information that can lead to widespread system vulnerability. Websites are held ransom. Sensitive data are stolen.

Here is a look at some of the most common forms of social engineering that trick unsuspecting employees:

  • Phishing. A common attack vector, phishing attacks are typically generated via email or text, seeking information or action
  • Baiting. A victim needs to react to bait, such as a USB drive that, when connected to a laptop or desktop, unloads malware or viruses
  • Email hacking. Similar to phishing, email hacks can send fraudulent emails to every contact in an email account, asking for a favor or spreading malware via an attachment
  • Pretext. A classic attack vector, this approach uses a fake premise to get a duped employee to take action. This is the category that includes long-lost inheritances or distant deceased kings needing your help in accessing the money
  • Vishing. A voice version of phishing, with a scammer posing as a co-worker, customer or partner with a critical need for someone’s login credentials or bank account numbers
  • Quid pro quo. A fraudster can make a deal seem fair or a bargain, but it’s usually the cheater who comes out on top

How Can We Stop Social Engineering Attacks?

Businesses have ample tools at their disposal to prevent these attacks, including content filters; anti-phishing, anti-malware and anti-spam software; firewall and zero trust monitoring; and employee training. All are good parts of a comprehensive defense strategy.

But just as hackers appeal to base human desires with social engineering attacks, your defense should also include carrots and sticks. For the latter, that means testing employees with fake phishing attempts and requiring corrective training for those that fall susceptible.

On the other side, your business should reward employees that call out suspected emails, who thwart a vishing attempt or report a failure to follow policies related to authentication, verification or secure business practices. Following security guidelines should be a portion of performance evaluations. Rewards should be offered for identifying vulnerabilities and recommending solutions.

Appealing to human nature is at the heart of social engineering attacks. It should also be a part of your deterrence and awareness rewards, too.

Corptek helps Fort Worth-area companies with managed IT services and cybersecurity solutions. To learn more about how we keep your employees, data and systems safe, contact us today.

Corptek
5.0
Based on 10 reviews
Jason and his team are awesome! They are extremely knowledgeable about what they do. They care a lot about their clients, and are available anytime there is an emergency situation. The turnaround response time is impeccable. Our firm is so blessed to have found Corptek Solutions when we did. With Corptek, we now have peace of mind when it comes to problems that arise that are beyond our expertise. They are passionate about what they do, and it shows in their work. I would recommend Corptek to anyone.
Deborah Crawford
Deborah Crawford
20:29 10 Dec 19
We've been doing business with this company for over 6 years. Their response time is great, they make themselves readily available for any questions or concerns, and their customer service is excellent. Corptek staffs friendly, patient, and relatable professionals that communicate well and empower their clients to continue business confident that their IT needs are covered.
Klarisa Perry
Klarisa Perry
19:55 09 Oct 19
Corptek Solutions has been taking care of all of our computer and network needs for over 10 years! Great service! Always prompt and takes care of any issues very quickly.
Dee Murphy
Dee Murphy
21:22 27 Sep 19
I am so grateful for the team at Corptek. They are always a text connect away when I need them. If you need a IT team for your small business these guys are the best.
Tonya Davis
Tonya Davis
19:50 27 Sep 19
We have been a Corptek customer for several years. Jason and his team always make us feel like their top priority.
Walter Leon
Walter Leon
17:11 26 Sep 19
Neil is very knowledgeable and trustworthy. I highly recommend Corptek.
Mike Allbee
Mike Allbee
03:04 26 Sep 19
We have used Jason and Neil for many years now and continue to be pleased with their service. As our business has changed over the years, they have been there every step of the way.
Kristi Webb
Kristi Webb
17:29 18 Sep 19
We recently started working with Neil and Jason after having a terrible experience with a prior IT company. They have been a true blessing! They are so easy to work with and their knowledge is outstanding! They jumped right in and got the business back up and secure again. They will be installing a new server for us and I am very excited to be able to sit back and not worry about whether it's going to be done correctly or not. They also pointed out several security issues that the prior company never mentioned. I look forward to our continued business with them! Thanks again guys!
Jamie Beasley
Jamie Beasley
15:52 07 Aug 19
Corptek Solutions has been a great partner to our company.
Korin Roehm
Korin Roehm
14:10 27 Jun 19
We recently overhauled our cobbled together collection of PC's & added a server to our system. Our experience with Corptek Solutions has been fantastic! Neil & Jason are the best. They have consistently gone above & beyond our expectations in response & communication. In addition they have offered up powerful recommendations which have amplified our productivity considerably. I would highly recommend them to anyone with a need for a superior customer experience regarding IT.
Roger D. Carroll
Roger D. Carroll
20:08 12 Jun 19