Cyber Security Awareness

Written by: Chris Kujawa, MCSE, MCST
Published: Tuesday, November 13, 2018

The process of getting “hacked” doesn’t always involve a highly trained computer expert on the other end breaking passwords and infiltrating firewalls.  Social engineering has become a very popular way to target individuals and obtain personal information.  It would not be hard to rob a bank if the employees let you into the safe and walk out with the money, right?  Social engineering involves hackers trying to obtain information from or about you via phone, email, social media, etc.  They then use that information to attempt to access your email or online accounts.  A lot of times people will make their mother’s maiden name or pet’s name part of their password reset questions.  A few minutes on Facebook and a lot of that information can be discovered.

Here are some effective ways that you can protect yourself.  Enable two-factor authentication.  Almost all banks or credit institutions have the option.  This service will notify a pre-determined phone or email for verification when logging into your account.  This is currently a much underutilized security feature by most people today.  Facebook, Google, and Apple are all examples of companies that have built-in two factor authentication in their systems that can be enabled.  This feature, while not 100% unbreakable, makes accessing any account extremely difficult without the secondary authentication device.

Be aware of what you are clicking on or saying.  Never use a link via email for account or password updates.  Always go directly to the site in question and sign in.  Some social engineering tactics involve calling the target and pretending to be a sales call.  They then try to extract information about software used, vacations, working hours etc.  The hackers will then use this information to chain together other information in the attack against the target.

Whether it be in the healthcare industry, accounting industry, or any industry that handles private user data these principles can be applied.  Being a victim of social engineering can be quite costly in the areas of private data loss, identity loss, corporate data breaches, firm reputation, and not to mention the time and money involved in the discovery process.

To read more about social engineering, below is a link to the Wiki page: