The Danger Of Social Engineering And Facebook's Concert Posts

Social engineering attacks are an ever-present danger for organizations, because they target the one thing that is the hardest to control: employees.

Social media is a prime target for social engineering attacks. If you’ve logged on to Facebook at all recently, chances are you’ve seen one of your friends post about the concerts they’ve been to (and one they haven’t been to), and that you should guess which concert they’re lying about. This social media “game” started out as a fun activity, but as it’s grown in popularity, it’s turned into a hacker’s gold mine.

Why? Because oftentimes, “what’s your favorite concert?” is a security question, and hackers can use this information to access your login information. So, if you have made a concert post (or you know someone who has), spread the word and consider deleting it. While Facebook does have privacy settings and other security measures, it can be all too easy for hackers to see your posts.

To avoid potentially harmful Facebook posts and social media crazes, carefully examine everything that you are posting or sharing, to make sure that the information you’re presenting couldn’t be used in a negative way. Another step you can take is to change how you answer security questions. Instead of actually answering the security question, put in a false answer on purpose, or treat it like a second password and put in a random passphrase.

How to Deal With Social Engineering

Other common examples of social engineering attacks include emails that look normal but actually contain hidden links with viruses (phishing emails), pretexting phone calls where the cyber criminal acts like a trusted source and then engages the employee to divulge sensitive information, and searching unlocked trash and recycling bins to discover valuable information that could be used in a future attack.

Hackers are evolving their attacks all the time, in order to catch people off guard and expose or steal their information. That’s why having a plan in place and educating your employees on how to prevent social engineering attacks is essential for every organization. Here are three best practices that your company could implement to reduce security risks:

  1. Have a data security policy (and communicate it). A data security policy should define approved methods to securely transfer or share data, and define restricted methods to help stop the use of unsupported or unsafe services and applications. It should include information about email policies, mobile devices, social networking, and internet usage. These policies should be documented, communicated (multiple times), enforced, and periodically reviewed and updated.
  2. Understand user agreements. All data hosting services have user agreements that outline their terms and conditions. While these may be arduous to read, it’s important to understand the fine print. You need to be careful you are not consenting to allow the provider to directly access your business data and customer information. In addition, it’s important to understand third-party security policies and standards to protect your data within their hosting environment.
  3. Conduct security awareness training. Creating a culture around data security can help prevent a lot of breaches. One way to start is to make security awareness training a mandatory event for employees. This training should not only show employees the different kinds of cyber and social engineering attacks, but also show them how to thwart the attacks. Give concrete examples of actual threats, and possibly set up a test/false attack to identify employee behaviors, then provide additional training based on the outcomes. Once employees know how to stop these strikes before they even happen, the risk of a cyberattack decreases, and the effort will validate the criticality of your organization’s data.

As new hacker schemes come out and cybercriminals get smarter, it’s essential to continually inform your employees and adapt your business practices to counter new processes and types of attacks. Keeping your organization secure and creating a team (or unified) approach to prevent breaches will set you up for safety, security, and success today and in the future.

How does your organization currently handle cybersecurity and social engineering awareness?

Rita Reidy

Rita Reidy is an account executive with Aureon. Rita has been working in the Technology industry for over 10 years and focuses on helping businesses grow, scale, and create workforce efficiencies. She has a love and passion for all things technology. For the past several years she has focused her efforts on voice communications, cloud and mobility solutions, and network services. She also has a background in enterprise IT infrastructure solutions.


May 8, 2017
