Small to medium-sized businesses (SMBs) are often less prepared to deal with security threats than larger businesses.
In 2016, over 50% of companies in the UK experienced a ransomware incident. According to 1000 IT service providers, the lack of cybersecurity awareness amongst employees is a leading cause of a successful attack.
It has been shown that the majority of ransomware attacks are carried out through social engineering, in which hackers manipulate a person in order to access private information.
For hackers, social engineering is the easiest method for obtaining access to private corporate systems.
Top five social engineering scams
Everyone should be aware of social engineering. It is essential that employees know the main characteristics of these attacks, to avoid falling victim to them.
These are the top five scams that hackers use when trying to access private information:
- Phishing – Delivered in the form of an email, chat message or website ad. It is used to impersonate a real system or organisation.
- Baiting – Involves offering something to an end user in exchange for private data. The ‘bait’ comes in many forms, such as music or movie downloads or flash drives. Once the bait is taken, malicious software is delivered directly to the victim’s computer.
- Quid Pro Quo – Involves a request for private data in exchange for a service. For example, you may receive a phone call from a hacker posing as a technology expert and offering free IT assistance in exchange for login details.
- Pretexting – The hacker will create a false sense of trust between themselves and the end user by impersonating a co-worker to gain access to private data.
- Tailgating – An unauthorised person physically follows an employee into a restricted corporate area or system to obtain private data.
How to spot a cyber-scam
Ensure all your employees are wary of any emails containing an attachment they were not expecting. Before clicking on anything, make sure your employees confirm with the sender what it is. It would be a good idea to do this using a phone or separate email.
There are many ways in which a hacker will try to access data through emails. The following are the most common but least identified:
- Inbox scams
- Malicious websites
Employees who receive emails that look suspicious or contain a link should be instructed not to click on the link. Instead, they should type the URL into a browser, log in to their account and check the notification there.
Do you need an Essential Cybersecurity Toolkit?
It is very important that SMBs continually check their systems for vulnerabilities, learn about new threats, think like attackers and adjust their defences as needed.
The best defences that will help prevent your business from becoming a victim of an attack are:
- Antivirus software