The Rising Risk of Social Engineering
Cyber-security has been a subject of increasing importance in the UK for many years, but with the COVID-19 pandemic forcing many organisations to implement remote working, the threat of cyber-attacks must be taken even more seriously. One type of cyber-attack that has recently become a more frequent threat is the use of social engineering.
What is Social Engineering?
Cyber-criminals carry out social engineering attacks by influencing people to disclose their personal information; strategies may include persuasion, impersonation, or even coercion. Perpetrators can deploy social engineering tactics through a variety of channels, such as phishing emails, fraudulent online offers or prizes, and phone scams.
Social Engineering during Lockdown
Many remote workers do not have the same degree of cyber protection at home as their employers have in the physical workplace. As such, cyber-crime has become an ever more ominous threat to companies of all sizes and across all sectors. Studies indicate that cyber-attacks have risen dramatically during the COVID-19 period, specifically phishing emails that prey upon the fear and apprehension associated with the pandemic and attempt to manipulate recipients into revealing sensitive information.
A lack of efficient cyber-security protection as employees continue to work remotely, coupled with the rising threat of social engineering and cyber-attacks, emphasises the need for employers to be especially cautious.
A social engineering attack occurred earlier this year, when Italian email addresses were targeted with phishing emails claiming to contain an attachment from the World Health Organisation with guidance on the prevention of COVID-19. Once the recipient opened the attachment and followed the e-mail instructions, malicious software was installed onto the user’s computer, enabling cyber criminals to access sensitive data.
With workers continuing to operate remotely, the potential for exposure of companies’ data and networks is heightened. Consequently, organisations should take the time to evaluate and resolve these threats. Precautionary steps that should be considered include:
- Provide formal employee training, including guidance regarding specific types of social engineering threats and how to recognise them.
- Limit an employee’s ability to access USB ports on company equipment, to reduce the chance of a virus or malware infecting the device.
- Use layers of protection, such as multi-factor authentication. If a password is compromised, additional layers of protection can reduce the risks to the organisation.
- Implement a virtual private network (VPN) to secure organisational data.
- Review user accounts and restrict access to sensitive data in line with an employee’s duties.
For more information on social engineering and cyber-security, contact us today.