The threats to corporate and personal data security are taking on more forms than ever before. Company employees often find it hard to grasp that highly skilled cyber criminals may attack on many different fronts at once, securing smaller pieces of information through a wide variety of strategies. An increasingly popular combination of strategies involves social engineering and phishing. In order to combat these threats, it is important to understand the differences between the two techniques.
In the case of social engineering, a cyber criminal may collect data from various divisions of the same company by building on the knowledge gained from other parts of the organization. In this type of security breach, a criminal uses human interactions to trick an unsuspecting employee into giving up information verbally, or into allowing the criminal to subsequently access a database or get into a physical location where sensitive data can be stolen. The person may pose as a technician in a face-to-face interaction, or as an official company representative online, for instance. In either case, they use an illusion of credibility to gain access to data.
A phishing attack involves websites or emails that look official but are really deceitful tools of cyber criminals. These sites or emails will mimic official and familiar-looking communication, duplicating a corporate logo or letterhead, or mimicking how a bank communication is generally disseminated. The difference is that the phishing communication is aimed at getting personal information that can be used to launch a larger cyber attack, steal one’s personal identity or collect sensitive corporate information.
Awareness and relevant training are powerful prevention tools. Online assessments can be made available to employees to analyze which teams may require more training than others. Establishing clear communication about what is expected of all employees regarding cybersecurity is important in creating a corporate culture that values and promotes the responsibility of keeping sensitive information safe. Providing best practice training that explicitly gives examples of how cyber criminals combine their tools, such as social engineering and phishing, can help employees understand the growing complexity of today’s cyber threats.
Establishing a mechanism to immediately report any breach of cybersecurity is an important strategy for minimizing the damage when an attack has occurred. Important responses include communicating the need for password changes, reporting the attack to relevant financial institutions, alerting clients if necessary, and reporting the event to the Federal Trade Commission when necessary. In all cases, responses need to occur in a timely manner in order to help mitigate the damage.
Protecting personal and corporate assets has never been more challenging. Cyber criminals have many tools at their disposal today and they typically seek the path of least resistance. Top leaders who invest in solid cybersecurity training give their workforce the tools they need to recognize, resist and appropriately respond to potential cyber crimes. Proper education is one of the best lines of defense an organization has against the constantly evolving threats to cybersecurity and corporate viability.