Cybersecurity covers a broad range of risks and threats. It runs from the basics, like computer viruses and malware, to business-crippling ransomware and data breaches. Some threats cause stress and downtime, others steal information and money, and others still don’t even have clear, understandable objectives. The point is, cybersecurity isn’t simple, but sometimes the threat actors and cybercriminals who target you will use low-tech methods to get what they want.
First off, let’s start with the Two Golden Rules of Being a Potential Cybersecurity Victim (I know it’s not catchy, I just made it up, but maybe it will catch on).
Rule #1: Nobody is Too Big or Too Small or Has Too Little to be Immune from a Cyberattack.
Plain and simple, there’s no business too small, there’s no person too humble, and there’s nobody who doesn’t have something worth the small amount of effort it takes to scam them.
Rule #2: Cybercrime is a Streamlined Business, and It’s Thriving.
While there are plenty of lone scammers and hackers out there, the vast majority of cybercrime comes from very active groups of people who more or less work like a business. These organizations perfect the art of cybercrime. They get to continuously repeat and hone their tactics, treat it like a numbers game, and are always looking to increase their ROI.
It’s expensive to write a virus or malware. It takes a lot of effort and a lot of intelligence and education. It’s not expensive to use malicious software that is readily available and just requires a little scam artistry to deploy.
These low-cost, low-effort types of attacks are effective, and in a world where more and more businesses are deploying strong cybersecurity defenses, non-technical scams like social engineering simply get the bad guys let right in past the security gate.
Social engineering is manipulation. It exploits human psychology to gain enough information or access to cause harm. Scammers target human weaknesses, such as trust, curiosity, or fear.
A good example of this is the grandparents scam. This, as its name suggests, often targets parents and grandparents. The scam is complex, but relatively easy for a clever scam artist with few morals to conduct. They learn a little information about their target, and then call them, claiming that a loved one is in jail or the hospital with a broken nose. They play the part of the loved one’s attorney, and weave a story about how the loved one was in an accident involving a pregnant woman. This story can change a little, but the long and short of it is they need a large sum of money for bail, and they will send a driver to come pick it up.
This is a scary, stressful situation, and because of that, it works.
There are countless methods of social engineering in the workplace, from phishing attacks (where attackers send emails that look legitimate) to text message and phone call scams. Scammers can pretend to know the CEO, or pretend to be a customer, or pretend to be a coworker, all to try to gain a little more information that will help them infiltrate your business.
Even in a small business, there are multiple weak spots in the form of end users, and the more employees you have, the more risk there is.
The remedy is to cultivate a culture of cybersecurity and provide ongoing training for your staff, and make sure owners and management opt in as well. Employees should be encouraged to be skeptical, even if an email comes from a higher-up. Once a request involves sharing information or moving money, email and text shouldn’t be trusted, and a second authentication should happen.
It’s important to always be a little skeptical, and not inherently trust every email, especially when it seems urgent or has other warning signs, such as:
Don’t risk your business by ignoring these threats. At TaylorWorks, we can help you strengthen your cybersecurity, and help you build a culture of cybersecurity with your staff. Give us a call at 407-478-6600 to get started.