Around 65,000 attempts to hack small to medium-sized businesses happen every day in the UK. If they’re successful, they can really damage your reputation, lose you revenue, and leave your staff feeling vulnerable. Depending on the scale and how prepared you are for an attack, it can take weeks to recover from.

So protecting your business should be the number one priority. But it isn’t as simple as installing firewalls and antivirus. There’s a certain tactic that cyber criminals use called social engineering that can’t be stopped by software, making it particularly dangerous. But what is it and how can you keep you and your staff safe?

What is social engineering?

Social engineering can be a subtle attack, so much so that you don’t even realise it’s happening. They exploit human nature and trust to get the victim to reveal sensitive information. It can be used in a variety of attacks, including phishing attacks, baiting, and confidence tricks.

It’s estimated that around 98% of cyber attacks use social engineering in some form, making it one of the most dangerous threats to an organisation. What makes it so dangerous is that it manipulates our psychology, meaning anyone can fall victim. 

The goal can also be to extract personal information. With this, they can access private accounts or bypass security questions.

How does it work?

Cyber criminals typically try to manipulate us using trust and urgency. An example of urgency could be an email requesting immediate payment. Victims may panic and open an attachment on the email, which immediately downloads a virus, or they might just send the money directly to the attacker.

By manipulating trust, one group of cyber criminals stole millions from Facebook and Google. They created a fake company, set up bank accounts in its name, and sent invoice phishing emails to specific employees. The employees trusted the emails as the invoices had details of a recent service they’d received and paid the criminals millions. 

It doesn’t even have to be that elaborate. Have you ever seen a post on Facebook that tells you how to get your superhero name? The kind where you have to use your date and month of your birthday to make the name? It seems harmless, but that gives potential cyber criminals data about you they can use to get into your accounts. What if these numbers are part of a password? Be careful about giving out information like this.

What can you do to prevent falling victim?

One of the best ways to stop your organisation from falling victim to social engineering attacks is to have regular cyber security training. One study tested participants’ ability to identify phishing emails at various intervals after training. It revealed that after four months, the participants could easily identify phishing emails. But after six months, they started to forget what they had learned. So it’s recommended you do some retraining every four months.

And double-check before taking action. If a USB turns up on your desk, ask where it came from before plugging it in. If you receive a suspicious email, check if the sender’s email address is legitimate. Finally, stay calm. Cyber criminals play on our reaction to urgency. Instead of panicking and responding quickly, find out more information and analyse what they’re saying.

Social engineering is a serious threat. There isn’t any software that can stop a criminal from manipulating your trust or basic human nature. But, thankfully, there is software that can give your devices an extra layer of protection if a member of your organisation falls victim to this attack…

Ready to protect your business? Nisyst Cyber Security can help you keep your data secure and your business safe from cyber threats. For more information, get in touch with us on 01204 706000.