The weakest links we have within our businesses are the humans. Humans are the ones who make mistakes. Humans can be easily manipulated by ruthless and sophisticated cybercriminals.
Most cyber attacks rely on the poor security habits of the general public in order to succeed. Poor passwords, enticing website ads, and clicking on that Facebook must-see-top-ten-list-of-celebrities-dog-look-alikes can all create an environment that is ripe for a data breach.
According to Symantec™, these are the most common types of social engineering schemes on websites and social media platforms:
- Manual Sharing – These rely on victims to actually do the work of sharing the scam by presenting them with intriguing videos, fake offers, or messages that they share with their friends.
- Fake Offering – These scams invite social network users to join a fake event or group with incentives, such as free gift cards. Joining often requires the user to share credentials with the attacker or send a text to a premium rate number.
- Likejacking – Using fake “Like” buttons, attackers trick users into clicking website buttons that install malware and may post updates on a user’s newsfeed, spreading the attack.
- Fake Apps – Users are invited to subscribe to an application that appears to be integrated for use with a social network, but is not as described, and may be used to steal credentials or harvest other personal data.
- Fake Plugin – Users are invited to install a plugin to view a video, but the plugin is malicious and may spread by reposting the fake video message to a victim’s profile page without permission.
What can a small business owner do? First, make sure your network and computer systems are configured to prevent humans from making mistakes. While social media sites, such as Facebook, are important parts of our lives, they are probably not a crucial business tool for most of your employees. Configuring your network settings to prevent users from accessing social media sites could save you thousands of dollars in recovering from a data breach caused by an employee clicking on a malicious ad. Up-to-date antivirus software on computers and servers can detect and isolate issues when an employee accidentally downloads an infected document. Properly training your employees on acceptable cybersecurity behaviors could mean the difference between being open or closed for business.
Even with careful, well-educated users there are still a lot of vulnerabilities. We are committed to providing you the information you need to make sound decisions about keeping your information secure. Look for our next email to help keep you and your business safe.
Interested in knowing how we can help you train your employees and ensure you are protected in your small business? Email firstname.lastname@example.org, or reach out through our contact page.