March 01, 2016
Training employees to recognize social engineering dangers is one of the most important ways to protect confidential information in the workplace today.
Information thieves use social engineering techniques such as phishing and pretexting to trick people into giving out confidential information, installing malicious software, or both.
Scams can occur over the telephone, but most frequently they arrive in a fake email.
Many data breaches are thought to have started with a simple social engineering scam.
According to Verizon’s 2015 Data Breach Investigations Report, phishing attacks have been a factor in more than two-thirds of cyber-espionage incidents for the past three years. The study showed that more than 23% of recipients open phishing emails while 11% open the attachments.
Globally, computers continue to be infected with malware at a high rate. The Anti-Phishing Working Group (APWG) reported that the global infection rate was around 33% for most of 2015.
For protection, an organization should have a comprehensive information security program as well as technology, such as firewalls, antivirus software, and content filtering, that intercepts incoming emails. There should be a multi-level approval process for any financial transfers. Some companies use simulated phishing tests to identify workforce vulnerabilities and solutions.
Employee knowledge about social engineering scams is just as important as these other safeguards, so that employees can delete or ignore scams.
In security awareness training, teach employees about the risks involved in sharing personal and business information online. Also, use workplace reminders (posters, notices in employee newsletters, etc.) to keep phishing awareness top of mind.