Tag Archives: social

The One Attack No Tech Can Stop

22 Sep 16
, , , , , , , , , , , , , , , ,
No Comments

You can defend your data with all the latest and best technology. But if just one team member gets tricked into giving away the keys to the castle, it’s game over. Hackers know this. And that’s why so many use social engineering to break in.

And it’s not just the big companies you hear about on the news. On February 3, 2016 a suspect posing as the CEO of Magnolia Health Corp. obtained a spreadsheet with sensitive data about their employees. On February 23, someone posing as an employee of Central Concrete Supply Company obtained confidential W2 records and disappeared with them.

In a 2011 survey, Check Point Software Technologies found that nearly half of the companies surveyed reported one or more social engineering attacks resulting in losses ranging anywhere from $25,000 to $100,000 per occurrence.

Unfortunately, there just aren’t any whiz-bang tricks or tools that will automatically prevent a clever “social engineer” (SE) from breaking in. The keys to protection are awareness and vigilance. To help you know what to watch for, here are five common ploys – and how to deflect them:

Familiarity – In this type of scheme, the hacker becomes familiar to an employee. Social networking sites can reveal an employee’s schedule and favorite hangouts. The hacker might then frequent the same bar or restaurant. After a drink or two, some key fact may slip out… The best way to bust this ploy is to be careful to not get lulled into a false sense of security around people you haven’t thoroughly vetted.

The Consultant – A social engineer poses as a consultant for hire. Once they get the gig they can scoop up all the info they need from you and your team because of their seeming authority. Watch for this especially with IT consultants. Do NOT trust blindly. Vet every consultant, and never give all the keys to the kingdom. Just because someone has the skills to fix your server or network doesn’t mean they won’t steal your data. Vet thoroughly, and, as Ronald Reagan said, ‘trust but verify’.

Piggybacking – The SE waits by a secured door for someone to use their passcode and enters right behind them. Or the SE struggles with a heavy box and asks a legit employee to hold the door open for them. Being kind and helpful, the employee helps the SE right into the building… free to do as they please. To foil this one, never forget the dangers of allowing a stranger in without proper clearance.

The Interview – Key information often escapes during interviews. A smart social engineer will gain an interview and deftly pick up all the information they need to hack into your network. Make sure any data provided during an interview offers nothing in the way of secrets. Keep the conversation light, or even superficial to avoid leaking critical data.

Angry Man – You may have seen this on TV… Somebody has an angry tone on the phone, or is grumbling to themselves as if they’ve just had an argument. We all tend to avoid people like that. Enough people avoid them and the way is cleared into the heart of the company – and your data. Don’t go along with it. When you see this exploit unfolding, call security.

The key to preventing social engineering attacks is a well-trained workforce. You and your people may be your company’s greatest asset. Yet without regular, proper training, human beings can be the weakest link in your company’s data defenses.

Contact a TechnoPro for more information.

Viruses in your Social Network

03 Nov 14
, , , , , , , , , , ,
No Comments

Computer users are smarter today than they used to be, but so are the internet bad guys trying to access your information. The online world is changing and social media has added a new layer to the level of awareness and diligence the average user must employ to stay safe.  Malware authors are becoming more and more creative and are frequently invading our favorite social networking sites with viruses, spam links, spyware and more.  In short, some of your favorite sites are being used against you.  The good news is that these threats can be avoided, but you need to know what to look for.

Most social networking viruses are triggered by users who are tricked into clicking on a link or downloading some software.  Twitter was recently hit with a virus that redirected users who clicked on shortened goo.gl links to a rogue antivirus site. After a quick scan, it incorrectly warned users their computers were infected with a virus and urged them to pay to download a phony software solution to get rid of the virus.

A little common sense goes a long way…but if you’re still not sure what’s safe, consider these tips:

  1. Be extra vigilant about any links you even think about clicking on while browsing your favorite social networking sites. Make sure you know which site you will be redirected to before you click the link. If you can, right-click the link, copy it and paste it into a Word document to see your likely destination. If it is not a site you know or trust, avoid it.
  2. Social networking viruses are often linked to sensationalist posts about celebrities or current news events, so be suspicious of links that boast over-the-top or unrealistic claims.
  3. Avoid third-party plugins that only let you view the information they advertise if you install their app. This is often a gateway to spreading a virus to all your friends and followers.
  4. Ensure that you have a good antivirus software solution that is up to date and running frequent scans on your computer. This is undoubtedly the best defense you can have against viruses on social networking sites. Products like these are the quickest way to detect and remove any viruses you may encounter accidentally.

Social networking sites are just as focused on eradicating this malware as anyone else, and most have their own security centers that are dedicated to finding and removing such threats. However, given the nature of these viruses, users have to accept some of the responsibility because the virus is only activated when someone clicks on it.

So, should you avoid social networking sites? No, but it is important to exercise caution while using them, and to make sure that you have a good antivirus solution on hand in case the worst happens.

Is your business beginning to use social media more in marketing efforts?

Contact us to learn more about antivirus solutions and how you and your employees can stay safe.

Like what you’ve read?  Use our social media buttons to share this information.