Susan, your accounts payable administrator, received an email from one of your vendors asking that all future payments be wired to a new account, so she made the change in your payment system. David, a new customer service employee, allowed one of your remote IT help desk technicians access to his laptop to “do a minor upgrade.” And Steve, your marketing manager, clicked on an email attachment about a new approach to using social media to attract new customers. Three normal transactions among the thousands that take place at your company every day, right?
Sixty days later, a vendor asks why they haven’t received payment. You open the AP files and see thousands of dollars in ACH transfers have been made every week. Your bank calls to tell you your customers’ credit cards have been used for fraudulent transactions. And because all bad things happen in threes, your IT Director tells you all your company’s servers have been encrypted by ransomware and the hacker is demanding $10,000 in Bitcoin for the encryption key to unlock critical files.
These scenarios have played out at businesses in the Midwest over the last several months with one common factor: hackers didn’t expend any time and energy trying to compromise the network defenses such as firewalls, intrusion detection or intrusion prevention tools at these organizations. They simply tricked workers, using a method known as social engineering, to gain access to money, databases and file servers. Social engineering is easier, less expensive and more profitable than most other hacking methods.
So, how do you fight back?
Security Awareness Training
You can help your staff prepare for social engineering attacks by teaching them the tricks that hackers employ. A comprehensive approach includes:
- Baseline testing
- Interactive web-based training
- Continuous assessment using simulated phishing attacks
Not only will you reduce the risk of compromise, you will also meet regulatory compliance requirements for such training that may apply to your business.
Matrix Integration recently partnered with KnowBe4, a well-respected and highly regarded firm that provides training and simulated social engineering attacks to prepare your employees and test their awareness. Why take the chance that your organization becomes a victim of “human hacking”? Call us and we will help you design your program.
Matrix Integration specializes in information technology solutions for businesses including IT consulting, security, communications, networking, implementation, wireless, data centers, managed services, remote monitoring and disaster recovery.
* “Hacking the Human” is the title of a book by Ian Mann that highlights the main risks from social engineering and the psychological models that explain the basis for human vulnerabilities. You can find it and many others about social engineering and phishing at Amazon or your other favorite purveyor of books.