Modern technology has made Internet access available to more and more devices, but unfortunately this means that it has also made us more susceptible to Internet-based attacks. These attacks are generally used to steal information and can include viruses, malware, adware, spyware, worms, and social engineering, to name a few. Intruders and hackers are always on the lookout for new and inventive ways to gain access to unsuspecting users’ information that can be used maliciously or for personal gain. It is vital that we as users of the World Wide Web stay one step ahead of hackers to preserve confidential information.
In this article we will discuss social engineering, what it is, and what preventative actions we can take to avoid becoming victims. We will also look at how document management software such as eFileCabinet can help protect you from becoming a victim of social engineering.
What is Social Engineering?
One of the most effective ways of gaining access to secure information is to have someone give it away willingly. But what exactly does that mean? Most times hackers get through layers of security measures because of simple human behaviors such as trust or ignorance. This is the basis of social engineering. Social engineering uses human weakness to gain access to a particular system despite any defensive security control measures that have been implemented via hardware or software. Basically, the ultimate security wall is the human being; once this is bypassed it can leave endless possibilities for hackers and other cybercriminals.
The formal definition of social engineering is as follows: “Social engineering, in the context of information security, is the art of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques. In other words it is a type of confidence trick for the prime purpose of gathering information, gaining access to systems or fraud.”
Social engineering comes in many forms including:
Blagging – Blagging (also known as pretexting) is the act of creating an imaginary scenario in an effort to engage the target in a way that preys on the target’s emotions such as trust or sympathy to increase the probability of the victim disclosing confidential information that they would not divulge in normal circumstances.
Blagging is commonly used by cybercriminals to impersonate police officers, co-workers, insurance agents or any other individual with a right-to-know authority in the mind of the victim. Blaggers will normally craft an official-looking correspondence that requires answers to specific questions. In most cases all that is required is for the correspondence to be crafted in a way that is authoritative and genuine.
The Trojan Horse – Similar to the Trojan horse of Greek mythology, the cybercriminal baits the potential victim into opening what appears to be a harmless email. When the victim opens the attachment, it then launches a worm or malware which can sometimes infect entire networks. The ‘I Love You’ and the ‘Anna Kournikova’ worms are just some famous examples.
Phishing – Phishing is perhaps the most widely used social engineering technique to obtain private information. Typically, the cybercriminal sends an email or provides a link to a website that seems to belong to a legitimate business, bank, credit card company, etc. This gains the client’s trust, compelling them to reveal important information. This can be a bit tricky to detect, as hackers typically use official company logos and content to make the message look authentic.
Methods to Prevent Social Engineering and the Role of DMSs
There are several ways people can keep themselves from becoming victims of social engineering, including:
- Being educated about social engineering;
- Being aware of information that is being released;
- Keeping software up to date; and
- Following your gut instinct.
However, there is also an effective means of preventing social engineering within an organization: the use of secure document management.
eFileCabinet’s safe and secure document management software has a number of security measures in place to ensure that files remain properly guarded and protected. However, it is eFileCabinet’s role-based security that can help prevent the divulgence of sensitive information and save companies a lot of headaches.
Information can be elicited from documents as well as individuals. The root cause of many successful social engineering cyber-attacks is information being too available. In far too many offices the protocols for storing, controlling, accounting for, or disposing of information are not properly defined. In addition, information is often distributed too widely and made available to persons who ‘do not need to know’. As a result, employees are exposed to confidential information while not being sufficiently aware of its sensitivity.
Enter eFileCabinet’s role-based security; with this feature, documents can be configured to be accessible only to specific individuals on a need-to-know basis. Furthermore, eFileCabinet includes a workflow module where documents can be automatically routed to specified users and made accessible to them only when certain actions are fulfilled. This goes a long way in controlling the flow of information and restricting access only to those who need access.
If you would like to learn more about eFileCabinet’s numerous security measures and how they can protect you from social engineering, please fill out the form provided for a free 15-minute demo.