Modern-day fraudsters use every trick in the book when it comes to infiltrating a network. They are well prepared, well researched, and highly innovative. One of the most common tactics used to glean valuable information is social engineering, using techniques such as phishing or collecting data from social media. Sensitive information innocently revealed on social media could expose individuals - and by extension, organisations - to increasingly sophisticated cyber-threats and advanced attacks on corporate networks.
Despite the increased use of social media applications, both inside and outside of the office, our own research reveals how workers are still failing to fully protect themselves from the complex, and regular, social engineering techniques that we see today. In particular, employee behaviours on social media and messaging applications make them a prime target for hackers hoping to leverage personal information to illegally enter a corporate network. In many cases, social engineering techniques are becoming so sophisticated that it's virtually impossible for everyone in an organisation to avoid falling victim at some point, but many employees are making the job much easier for social engineers by leaving glaring gaps through poor social media security practices.
Protecting the people
Organisations hoping for comprehensive and complete security are only as strong as their weakest link. This is often their employees. Social engineers, therefore, prefer to start by hacking people, not computers, so organisations can make great strides by addressing the "human factor". Employees should be encouraged to protect themselves online, with simple and easy solutions such as setting strong passwords and using different ones for every application, as well as leveraging the privacy settings provided in social media apps.
Worryingly, our research reveals that 60 percent of employees still have their social settings set up in a way that anyone online can access and view their profiles. The risks are real for all generations, including the typically more tech-savvy millennials. We found that these risks are also prevalent across job sectors, even among those working in IT departments. Employees often haven't received the required training to spot potential social engineering pitfalls, or to know what to do when they suspect that they have been compromised, leaving them and the organisation at considerable risk.
Not just an education issue
Clearly, much needs to be done in addressing the risks posed by social engineering. Both the company and employees must increase their awareness and understanding of the potential threats which arise from the human factor. Cyber-security awareness needs to be communicated across the entire company to reduce the likelihood of employees getting duped. At the same time, organisations need to support users by providing better security controls to compensate for those times that they do fall prey to social engineering so that the compromise doesn't lead to a data breach that impacts the entire organisation.
The potential consequences of an online breach can be monumental. Damage to brand reputation is perhaps the biggest fallout, resulting in a loss of trust from customers. Ensuring a company has the right protection in place, and that it is regularly reviewed and updated, is paramount to cyber security in the digital age.