Protecting Intangible Assets Against Social Engineering
If you’re a regular reader of this blog, then you know that your business is responsible for protecting the personal, financial, and contact information of your customers, employees, and even other businesses. To fulfill this responsibility to protect intangible data, many people spend time focusing on the technology aspects of cybersecurity without stopping to think about one of the biggest risks to a security system: people. In fact, employees can often be your biggest security flaw. While they do need to be trustworthy, protecting your data from social engineering can become tricky, which means that you may need to amp up your human security measures.
Social engineering is the manipulation of other people in order to commit crimes, and it often means manipulating your employees to gain access to your business’s sensitive data. It can also mean gaining access to your buildings, technology, or other places meant for employee eyes only, if even that! These criminals often masquerade as someone official, whether it be a police officer, fireman, or even technical support, and will work to gain access to your business by convincing employees that they have official business there. While increasing your digital security may help protect your business, you may also need to increase your human security. You can do this by learning more about social engineering, teaching your employees about it, and setting up company policies to help keep employees in check.
Here are examples of steps that you can take to prevent social engineers from targeting your business:
- Keep an eye on your visitors to help ensure that no suspicious activity is happening, especially if they’re required to sign in to a visitor log.
- Security cameras can help you to track people, both employees and visitors alike, so you can determine what events have taken place or find a perpetrator in action.
- Controlling access to your buildings and to the rooms where you store files or computers by requiring a key, badge, or code can be helpful, although employees may sometimes let these criminals in, since they often trust the criminals’ fake appearances. Another way to boost security may then be to limit which employees are allowed this access, giving a way in only to those who need it.
- Company policy rules such as frequent password changes, high password strength, and not allowing the exchange of passwords or credit card information over the phone are also all great ways to encourage more information security.
When in doubt about the best ways to protect your business from social engineers and their tricky acts, you may want to consider asking a company to perform a professional penetration test of your business. It is also advisable to have a cybersecurity expert sit down and discuss your individual business’s weak points in order to help bolster and build up your defenses. As a business and data security lawyer, I can help you manage the legal risks presented by these and other kinds of attacks, as well as help you to train your staff and encourage a workplace with thorough cybersecurity knowledge. To learn more, let’s schedule a meeting.
The information presented here is for general educational purposes only. It does not constitute legal advice and does not create an attorney-client relationship.