Think you can’t be a victim of human hacking? Think again

Mayuran Kanthasamy
Chief of Information Security
Cyber Security Awareness Month is an internationally recognized campaign held each October to inform the public of the importance of cyber security. This campaign is focused on helping individuals be more secure online, by being informed and knowing the simple steps to take to protect themselves, their families, their workplace, and their devices.
 
This month will be divided into weekly themes. Each week, we’ll be highlighting a different aspect of cyber security, and demonstrating how you can show your devices how important they are to you (and your organization) by keeping them safe and secure.
 
Even with sophisticated technology protecting our networks and our information, security attacks and data breaches can occur through good old-fashioned human manipulation. Attacks of this nature are known as social engineering.
 
One of the most direct ways to get confidential information is to call someone up and ask for it. This type of social engineering attack is known as “Voice Phishing”—or “vishing”—where attackers impersonate a trusted source to obtain access to confidential and sensitive information over the phone.
 
Typically, attackers identify their targets, build trust, and use manipulation techniques, such as a sense of urgency and/or a perceived position of authority, to get the individual to divulge information. The goal is to gain unauthorized access to systems in order to commit fraud or espionage, cause financial and reputational damage, or disrupt an organization’s systems and networks.
 
Getting unauthorized information can be as simple as: “Hi, I’m Bob, I have an urgent request to get material for my VP, but I’ve lost my system password. Can you help me out?”

The Canadian Anti-Fraud Centre (CAFC) has issued a warning to all Canadians to remain vigilant and be wary of ongoing fraudulent schemes. Given these unprecedented times, fraudsters are becoming more and more creative and want to profit from consumers' fears, uncertainties and misinformation.

So, what can you do about this?

Security is everyone’s responsibility within an organization, and here are a few simple steps to protect sensitive information such as client data belonging to your customers:

  1. Confirm your source: Don’t give sensitive or confidential information to anyone, unless you can positively verify that they are in fact who they claim to be. If you didn't initiate contact, you don't know who you're communicating with. Also, be sure to:
    • Obtain caller details: Ask for their name, title, company they’re representing and phone number.
    • Validate via call back: An attacker can spoof caller details by masking the name and number displayed on the caller ID. Verify the contact details of the individual and offer to call them back on an official number, not the one provided by the caller.
  2. Disclose only to those who need to know: Consider the sensitivity of the information being requested and whether this information is relevant or required by the individual asking for it.
  3. Be aware and stay secure: Reduce the chances of social engineering attacks by:
    • Being wary of “vishing” scams, which typically start with a recorded message generated by a text-to-voice synthesiser.
    • Limiting the amount of information you share online, and not using easy-to-guess security questions (like the name of your pet).
    • Ensuring confidential information is secured and information resources are only accessed by authorized individuals.

Conclusion

Unexpected distractions can prevent sales from delivering. Imagine if your top seller were impacted by an attack or a lockout. Can your company afford not to follow best practices?

Varicent provides a vigilant watch for the delivery and design of sales performance management (SPM) systems in the cloud, so you can sleep at night and focus on sales. Help protect your business’s resiliency by following recommended human best practices.

If you see something, say something: If you think you have been a victim of a social engineering attack, report any suspicious activity to your organization’s information security team to protect the integrity of your business.