Don't lose your business to a social engineering attack this #SocialMediaDay

Social engineering is one of the fastest growing cybercrimes out there and it’s our personal information which allows these attacks to be so successful. Offenders are becoming ever more adept in targeting people’s confidential information, gleaning such data as passwords and bank details through very straightforward methods.


A good social engineer will often take weeks or months getting to know a company through a variety of ways. Scouring the major social media sites and business websites for bits of personal information about you are easy wins. For many local tourism-based organisations that rely on their social media channels for business, this potentially leaves them wide open to such an attack.

Unsecured, public profiles are the most useful, but even if you keep your privacy settings on high, there’s no guarantee that a family member or close acquaintance might not have shared information about you on their profiles.


Take for example the recent Facebook leak where it was revealed that nearly half a billion Facebook users' personal information was breached including full names, birthdays, phone numbers and their location.


Facebook has since said that the leak dates back to an issue from 2019 and which has since been fixed but with more than 30 million accounts in the US affected the damage has already been done.


Another way in which a cybercriminal can find information on you is by researching other organisations you’re affiliated with, for example, local charities or perhaps you sit on a local board. Personal details send strong signals about your interests and the types of appeals that might be most effective on you.


On a more conspiratorial note, someone you know from a company may be recruited to infiltrate your activities, or industrial espionage specialists may profile you through the internet and get to know your preferences, hobbies, contacts, and friends.


These are just a few methods that cyber criminals can employ, so if you want your business to be truly resilient, then here are our top five tips on preventing personal data from being hacked.

  1. Keep social profiles locked down

  2. Be wary of cold calls

  3. Set your spam filters to high – and we don’t just mean on your computer

  4. Follow security best practices

  5. Opt-out of people-search sites


For more information on social engineering or if you have any questions, please get in touch. www.swcrc.co.uk/contact-us


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South West is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South West provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the South West does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South West is not responsible for the content of external internet sites that link to this site or which are linked from it.