The Biggest Security Risk For Business

Cybersecurity represented by stethoscope and keyboard.

[Photo Credit: Flickr/IntelFreePress]

It’s tempting to think that the main threats to the safety of your business data are computer viruses, website security, and emails pretending to be from your bank. Even with anti-virus protection and firewalls in place, and testing of your website for vulnerabilities, all of these measures can fail in the face of the biggest threat to the security of your business: the people.

This goes beyond screening new hires and ensuring that you have loss prevention procedures in place (especially if yours is a retail business). Many identity thieves and scammers are using one of the oldest and easiest ways to steal your business’ identity and your money. It’s called social engineering and it can happen to any of your employees, even to you.

Social engineering uses a wide variety of means in order for a criminal to gain access to your sensitive business details. Some thieves employ technology through fraudulent emails (this is called phishing) that either direct the recipient to a fake website where information is entered or prompt the user to download an attachment that is infected with some form of virus.

Did You Know? According to Symantec™, a global computer security software provider, one-third of all cyberattacks/scams now target small businesses.

Some attachments, like documents, spreadsheets, and PDFs, contain macros that will run when the attachment is opened. If a macro (so named because of the scripting language used to create it) contains a virus, it’s possible for login information, credit card numbers, and bank account numbers to be captured and passed on to the thieves.

Some thieves employ personal skills when it comes to getting at your money. A less damaging form of this may be familiar to many business owners, especially small business owners: someone calls your offices under the pretence of being from your copy machine vendor or service company and asks for the make, model, and serial number. If the caller gets this information, the next thing that happens is that substandard supplies are shipped to your office with an invoice for an amount far above what you would pay through your usual vendor. These types of calls generally target lower-level staff, someone who is covering for another employee, or even someone who may come across as timid on the phone. The caller is usually practiced enough to gauge the personality of the employee and to adjust the act accordingly.

The more detrimental form of social engineering involves the caller impersonating a member of your own staff in order to gain access to confidential material. All it takes is a very good liar and an unaware employee for a security breach to occur. People are unfortunately the path of least resistance when it comes to stealing information or an identity.

So what can you do to prevent this from happening? The best defence is education. Teach your employees about how these scams work and what the risks involved are. You can find information on social engineering from the United States Computer Emergency Readiness Team (US-CERT), a part of the U.S. Department of Homeland Security. The more you and your employees know about the biggest risk to your business, the safer your information will be.