fbpx
Search
Close this search box.

5 Ways Hackers Can Socially Engineer Your Staff

Open lock in a series of digital locks.
Open lock in a series of digital locks.

In August of 2012, on a hot day in Las Vegas, a recently hired Walmart manager of government contract logistics spent 20 minutes on the phone with the store manager in a remote military town in Canada. During those 20 minutes, the logistics manager took down vital information from the store manager in preparation for a big government contract: the store’s management schedule, their janitorial and cafeteria food contract providers, even the type of computer system the store manager used and what antivirus software it had installed. The only problem is that the there was no government contract logistics manager. The call was part of a contest run by the hacker convention DefCon, and in 20 minutes, a contestant managed to get every piece of information he needed to rob the store, sell to competitors, or infiltrate their computer systems using nothing but a telephone and a few hours of research. This is social engineering, and hackers are increasingly using it to infiltrate businesses and steal their secrets for personal gain. Here’s what they’re doing and how to protect your company: 1.Protect Personal Contact Information — It’s good to put a public face on your company, but protect the private internal email and other contact information of senior employees. That contact info can be used to impersonate them. 2.Give Information on A-Need-To-Know Basis — In the Walmart story, the information came from a store manager, but usually it’s a much lower employee who is infiltrated. Compartmentalize sensitive information to keep it from escaping. 3.Formalize Information Channels — Sharing company secrets should never be done informally. Make sure a formal plan is in place for procedures on sharing company information. Social engineers will try to exploit informal structures to get more than they otherwise could. 4.All Information Is Private Information, Or None Is — To a dedicated social engineer, even tiny pieces of private information can add up. Make sure you, as well as your staff, are aware that any information shared can go public quickly. Don’t share anything with anyone outside of the company that you wouldn’t feel comfortable putting on the front page of the New York Times. 5.Record Outbound Contact — Because you can be sure that any social engineer working on your company is recording it also. Be sure to audit this record regularly to make sure that information is not getting out. This should include phone calls, emails, text messages, and similar.

Corsica Technologies
Corsica provides personalized service and a virtual CIO (vCIO) who serves as a strategic advisor. When it comes to the complex integration of solutions for IT and cybersecurity, the whole is greater than the sum of its parts. We offer cybersecurity solutions, managed services, digital transformation, resale services, and one-off technology projects. Corsica unifies any combination of these services into a complete, seamless solution.

Related Reads

B2B Integration Tools: 4 Dark Secrets - Corsica Technologies

Legacy B2B Integration Tools: 4 Dark Secrets

The world of B2B integration comes with complexity. Not only are you sharing data within your internal systems—you’re sharing it with the external systems of trading partners. That gets incredibly complicated. Even the best B2B integration tools may not be

Read more
Cloud migration security - What you need to know - Corsica Technologies

Cloud Migrations: 6 Steps To Reducing Security Risks

Cloud migrations allow organizations to leverage the full power of the cloud. Yet cloud migrations aren’t without security risks. As Forbes reports, 94% of cloud customers were targeted every month in 2023—while 62% of them were successfully compromised. Whether you

Read more

Sign Up For Our Newsletter

Stay up-to-date on the Managed Services and Cybersecurity landscape, and be the first to find out about events and special offers.