Social Engineering

Fall Newsletter

Hidden I.T. Security Threats Right in your own Office

 


There are a lot of reports in the news about IT security threats and the damage they have caused.  This has put a larger focus on implementing firewalls and anti-virus systems to prevent hackers from afar getting into our systems. 

With these more sensational attacks in focus, our attention is drawn away from threats that are near and impervious to the protection provided by software.

These threats are local outsiders: the people who walk into our workspaces uninvited, unexpected and well-prepared to exploit vulnerabilities in plain sight. It doesn’t have to be a rogue employee or someone with legitimate access to our workspace.

These are often individuals who use psychological manipulation to convince staff to perform actions or divulge confidential information.

This action is often referred to as Social Engineering.


“Better to be despised for too anxious apprehensions, than ruined by too confident security.”

– Edmund Burke, Author and Political Theorist


These “bad guys” are adept at taking advantage of the weaknesses in our everyday behavior, actions that expose our systems and leave valuable clues behind.

Scary fact – we leave a lot.

 

Here are 14 ways we can help secure our workspace better.

 

  1. Lock our computer whenever stepping away from it. Even if it’s only for a minute. Get the lock screen enabled and up so nothing of any value is on display or accessible.
  2. Never, ever, put passwords or codes on sticky notes to help remember. We make it easy for the bad guys to find private information that way.
  3. Invoices, cheques, and confidential documents cannot be left out in full view. Keep them in a file folder while working, then locked away when done. And don’t leave file drawers wide open, especially if they are usually locked. Don’t give the attacker the advantage of seeing what has been stashed away.
  4. Remember to pick up print jobs right away. Too often, print jobs containing all sorts of private and confidential information are sent but not retrieved.
  5. Shred it to forget it. Then recycle it. When corporate papers are put straight into the recycling/trash they are easy to gather information from.
  6. Our phones will betray us. Most smartphones have notifications across the lock screen that reveal way too much. Changing settings to prevent these notifications or keeping the phone safe in hand will help stop this information from getting into the wrong hands.
  7. Keep the keys to our kingdom secure and out of sight. They are an invitation to be used and copied otherwise.
  8. Unattended bags. Just like in the movies. Someone will pick it up and walk away. It only takes a second to steal a laptop bag or a briefcase full of contract documents, but the cost and damages incurred last far longer.
  9. Open doors. Attackers will “tailgate” and follow employees into companies because people by nature will hold the door open. Even if it requires a passkey. The attacker may have a series of stories and excuses at hand, ready to gain access and then make it past reception.
  10. Keep small devices secured and in hand. USB keys and flash drives often hold sensitive data and need to be taken proper care of.
  11. Access cards should be secured. Don’t leave them lying out in the open. These cards can easily be copied and attackers will be on the lookout for them.
  12. Keep confidential information off of social media. Do not post selfies and pics of your new corporate card, lanyard, paystub, credit card etc. People do this all the time and there are specific sites attackers visit to find these pictures. They can use these images to read the data and you know the rest.
  13. What did you leave up on the whiteboard? Once that important meeting is over, take a picture of the whiteboard then erase it. Otherwise, clean off anything that could be sensitive or used to gain access.
  14. Think twice, answer once. When someone you don’t know asks for a password, or business information that is not to be shared, don’t give it out. Unless you are the person directly authorized, you are not obligated to be polite or do a favour. However, you are obligated to help your company protect the data and reputation of its customers and employees. You can always ask someone else who knows before you agree to anything.

Stay vigilant! Someone is always watching.

     

 

Toll Free: 1-866-615-2786
Toronto Phone Number: 416-850-2684
Email: info@jig.to

 

 
