HomeLatest NewsSocial Engineering: Simple Steps to Protect Your Business

Thursday, August 12, 2021

Return to listings

Social Engineering: Simple Steps to Protect Your Business

Technology

While businesses leveraged technology to interact with their consumers in revolutionary ways over the last 18 months, so too have hackers.

Hackers can access bank accounts or intercept banking transactions, but most often, they are looking to collate your business’ and your customers’ private information, which they sell to vendors on the black market. Restoring funds, IT infrastructure, and regaining consumer trust in the wake of a security breach can be extremely expensive, with attacks costing Australian businesses $29 billion a year.

WHAT IS SOCIAL ENGINEERING?

Social Engineering describes a broad range of malicious activities achieved by manipulating individuals into providing security details and sensitive information. The hacker identifies their victim and gathers background information, which they use to gain trust and infiltrate their company entry points. Hackers then remove all traces of malware and repeat the process with their next target.  Often these attacks are not detected until it is too late. Here are some of the key Digital Social Engineering techniques:

TAILGATING & BAITING

These forms of social engineering require the attacker to execute their deception in person. A hacker simply leaves behind physical redirection in the form of a URL address or a jpeg drive, e.g., in a flyer informing employees of a deal, with instructions to communicate or conduct transactions via a false website. Because the risk of identification can outweigh the reward, hackers have adopted more sophisticated methods.

PHISHING

Phishing scams are the most common form of Social Engineering. Phishing emails are designed to create a sense of urgency or curiosity amongst victims. For example, a hacker may send an email alerting their target to a policy violation that requires immediate action. Crafted to appear similar to correspondence the target would normally receive, the email would advise that credentials or passwords are required to action the request.  Without taking precautions to ensure the information or sender is authentic, an employee may allow a hacker access to the company’s data and information. Find out more about phishing emails and browser notifications and how you can reduce the risk of an attack here.

SPEAR PHISHING

Between February and March 2020 as businesses began working from home, spear phishing attacks increased by 667%. Spear Phishing is similar to Phishing but is tailored to an individual. This technique uses the target's information against them, utilising characteristics, job qualifications, and their own contacts to impersonate an individual within their network. For example, an attacker may pose as a company CEO requesting an employee makes urgent purchases, process transactions, or provide details directly, enabling them to access a complete database of private information.

SAFEGUARDING YOUR ORGANISATION

A false sense of urgency coupled with the volume of correspondence flowing during business hours, can make it difficult to spot a social engineering campaign, but there are actions you can take to reduce your risk of being targeted:

  • Know who is at your place of work. Employees should show credentials in the office. If you see someone you do not know, raise this with colleagues, HR, and IT. The assumption that a stranger is a customer or client can be costly.
  • Be aware of information exposed to the public. Even discussing details verbally can attract a hacker’s attention, marking you as their next target.
  • Educate yourself about social engineering and cyber-attacks. A good place to start is our Tips for Remote Working, Cyber Security, and Avoiding Email Scams.
  • Raise awareness among employees. Foster a sense of ownership amongst your employees by helping them identify and report cyber threats.
  • Take note of emails received. Should you receive an email from an unknown source, cross-check with your data and members of the company to confirm if the sender is recognised. When receiving an email from a known source, take note of the email address itself. If the email is from a hacker, minor details will often be different, like font or email signature. Do not open suspicious emails, attachments, or associated URL links and raise the issue with IT.
  • Keep your software, antivirus, and anti-malware software updated.
  • Multifactor authentication is one of the best ways to protect your credentials.

CYBER INSURANCE: IN THE EVENT YOUR BUSINESS IS COMPROMISED

By implementing these tips, your exposure to social engineering can be greatly reduced. It is also important to implement measures that react if your business is compromised. A cyber insurance policy can support the rebuilding of your business in the event of a cyber-attack. It provides cover for losses such as data destruction, extortion, theft, and hacking. When approaching insurers for cover against cyber attacks, underwriters will consider if your business has the following risk mitigation measures in place:

  • Encryption of sensitive data
  • A Cyber Incident Response Plan
  • Data backup and recovery procedures
  • Business Continuity and/or Disaster Recovery Plans
  • Software patching procedures
  • Antivirus and firewalls.

Therefore, providing evidence that your business has taken action to limit its cyber risk exposure can reduce the cost of insurance.

NEXT STEPS

To discuss your business’ cyber risk exposures and security needs, please feel free to reach out at any time.

Jason Holmes

Client Executive – Global

jason.holmes@honan.com.au

Discover more about cyber insurance.

Return to listings
Melbourne
Sydney
Brisbane
Perth
Adelaide
Darwin
Newcastle
Auckland
Singapore
Kuala Lumpur
Corporate Risk
Biotech & Life ScienceConstructionFinancial InstitutionsFood & BeverageMedical & Health ServicesMining & Energy
Professional ServicesRetailSportStart-UpsTechnologyTransport & Logistics
Employee Benefits
Wellness Solutions
Strata & Real Estate
Strata at HonanReal Estate at Honan
Important Documents

Honan Document Library

New Zealand Financial Advice Disclosure

Financial Hardship Policy

Supporting Vulnerable Customers Policy

Domestic & Family Violence Policy

NIBA Code of Practice

General Code of Practice

Financial Service Guide

Honan Document Library

New Zealand Financial Advice Disclosure

Financial Hardship Policy

Supporting Vulnerable Customers Policy

Domestic & Family Violence Policy

NIBA Code of Practice

General Code of Practice

Financial Service Guide

Privacy Policy
Feedback and Complaints Policy
Terms of Use

Honan Insurance Group Pty Ltd (Australian Financial Services Licence no. 246749, ABN67 005 372 396) is an insurance broker acting as agent for insureds and intending insureds. Honan is not an insurer.  The information on this website has been prepared without taking into account your objectives, financial situation or needs.  Any advice provided on this website is general advice only.  Before making a decision to purchase an insurance policy, please read the relevant Product Disclosure Statement to make sure the policy is right for you.  Insurance cover is subject to policy terms and conditions including policy limits and exclusions. 

From time to time, Honan may act under a binder arrangement with an insurer.  When this happens, Honan is authorised by the insurer to issue certain insurance policies on the insurer’s behalf.  When Honan does this it acts as the agent for the insurer and not for any insured person.  We will let you know when we are acting under a binder.  You can view the Product Disclosure Statements for the insurance policies we issue under a binder arrangement here.  A copy of the Target Market Determination for each policy is also available on this website.

Copyright 2024 Honan Insurance Group Pty Ltd ABN: 67 005 372 396. All rights reserved.

Website Designed & Developed by Splashbox