Cybersecurity in the Workplace is Everyone’s Business

By Elvis Huff on October 12, 2017
Did you know? Every October is National Cybersecurity Awareness Month. As we continue the discussion each week about Cybersecurity, please remember to subscribe to the blog and leave a comment below. I would love to get your feedback!

In case you missed it, here’s the Week 1 post: STOP. THINK. CONNECT: Simple Steps to Online Safety

This week, I am excited to tell you that cybersecurity in the workplace is everyone’s business. That’s right: regardless of your title or position, you can contribute greatly to your firm’s overall cybersecurity posture.

How? Let’s say that you answer the phones in your office. You are the first line of defense for your company’s information: the gatekeeper. You know everything from which employees are out on vacation to what bank the company uses. Successful cyberattacks cannot occur without good information, and good information can be obtained from those who answer the phones.

Using the bank example, suppose a cybercriminal is planning to execute a business email compromise in the future. They need to know where you bank. How do they get that? Easy. Just call the front desk, from a spoofed number imitating a competitor bank, offering up a new CD or loan rate. Given enough time and sweet-talking, the person at the business may disclose something like, “No, we are not interested, we bank at ________.” Now the cybercriminal has the bank name that the target business uses, just by talking to the person answering the phones.

With this information, the cybercriminal can wait a few weeks (enough time for the receptionist to forget they disclosed the bank) and then send out a targeted email, spoofed to look like it comes from the business’s bank.

The takeaway is this: have everyone be mindful of disclosing too many details. Formally, this sweet-talking is known as social engineering. In simple terms, it’s the act of pretending to be someone else to gain information. With proper awareness, your business can build an impenetrable front-line staff that will not disclose information that can be a risk to corporate security.

Elvis Huff worked as an officer and network administrator for 12 years with the Lebanon Police Department and has also served as an adjunct professor in information systems at Cumberland University.