In our last blog, we discussed the harm of social engineering
and how hackers are getting the information they need for cyber crimes without programming a single line of code. As business owners, we have to be aware of this spoofed communication and create a practice to catch information thieves before you become a victim. Whether it’s to protect your internal company information, or your customer’s information, it’s time to put safe measures in place.
Here are some important steps to consider for your business:
Security Protocols and Policies
First of all, if you don’t have any protocols and polices in place to combat cyber attacks, you should ask a professional to come up with the framework ASAP. Depending on your business model and clients, your main goal is to protect your business from a data breach. So think through possibilities, and be prepared with a policy in place in case something happens.
Training and Testing
Once you have your security protocols and polices in place, you need to train your employees first, then test it to see if it works. Remember, social engineers are good at getting the answers from you instead of answering your questions. Practice withholding information until you’re able to verify someone’s authenticity.
Monitoring and Tracking Performance
Although we want a perfect track record of blocking cyber crimes, humans make mistakes and something could fall through the cracks. The best thing to do is have a way to track all interactions when it comes to outsiders’ requests for information. Ask multiple layers of questions to ensure you can authenticate a person’s real identity. Keep track of such interactions and time stamp them in activity logs so you can review them as needed.
Once you have protocols and policies in place along with activity logs, perform random, unannounced tests to make sure you get the results you wanted. Test more than once, on multiple occasions on a continuous basis.
No system is perfect and people forget, but awareness along with policies in place can help reduce social engineering crimes within your company significantly.