Wearing shirts with company logos on them can be enough to gain access to restricted areas. Verify that visitors really are who they say they are.
If you receive a call offering IT support for a problem you didn’t know you had, get suspicious. That’s probably not Microsoft calling; it’s a scam known as pretexting.
Phishing is so common because people fall for it, but your bank will never ask you to change your password by following a link. Always type in Web addresses directly; don’t click on links.
Never open an attachment from an untrusted source, no matter how enticing. Even if you know the sender, it’s worth scanning that .ZIP file before you consider opening it.
“Tailgating” works because people don’t like to let the door close on the person behind them. But if you work in a secure building, your manners could cause a security breach.
“Baiting” involves leaving a USB flash drive with an intriguing label on it lying around in the hope someone will stick it in their computer and unwittingly install malware or worse. Remember what curiosity did to the cat.
Quid pro quo scammers will offer you something enticing, like chocolates or a coupon, in return for information about you. If it sounds too good to be true, it is.
Requests for money to help a desperate friend or relative commonly come through hacked social media accounts. Contact the person before you send anything to make sure it’s really them.
You can have endpoint security systems in place with anti-virus, URL and content filtering, firewalls at the gateway and desktop, anti-malware, and more, but social engineering encourages you to bypass your own defenses.
Create a user awareness program on how to spot social engineering techniques. A healthy dose of suspicion could save a lot of time and money.
By Michelle Drolet, founder and CEO, Towerwall
Special to Worcester Business Journal Online
This article was recently published in Worcester Business Journal Online