
3 Tips to Help Your Staff Thwart Phishing & Social Engineering

Kordel Eberly

Social Engineering is Costing Businesses Billions of Dollars Every Year


The FBI defines social engineering as “the use of deception, through manipulation of human behavior, to target and manipulate you into divulging confidential or personal information and using it for fraudulent purposes.” Social engineering can occur in-person, on the phone, or through email and other electronic communications (known as phishing).

Social engineering is costing companies billions of dollars every year, and it's employees who are most vulnerable to it. Why? Most employees are generally trusting and want to be helpful, they’re often short on time, and these scammers can be persuasive.

Anyone can be a target, from the receptionist to the owner of a company. Therefore, employees should be trained to recognize common social engineering and phishing tactics and what to do if they suspect it is occurring.

Here are Three Tips to Help Your Staff Thwart Phishing & Social Engineering:

Establish a Company Policy

You can implement certain procedures that will help reduce the possibility of social engineering. Make those procedures company policy, and make sure employees understand those procedures. Some examples of policies may include the following:


  • Only use USBs from the IT department
  • Never click on an email from someone you don’t recognize
  • Document and report suspicious situations (make sure they know how and to whom they should report it)
  • Report lost or stolen badges immediately
  • Never respond to money transfer requests by email

Train Your Employees

Hold mandatory social engineering training for all employees. Make sure the person providing the training – whether it’s someone from within your organization or a hired professional – is qualified.

The training should teach employees the potential consequences of social engineering and how to recognize, thwart, and avoid social engineering. It should be engaging and interactive and include examples and the opportunity for employees to act out specific scenarios.

Those on the front line – such as receptionists – should receive additional training, as they are more vulnerable to social engineering.

Here are a few of the more common social engineering scenarios that your employees should be able to recognize:

  • Phishing – This is the most common type of social engineering. The scammer typically tries to get private or personal information, get you to click on a link, or create a sense of fear or urgency to get you to respond quickly – without thinking first.
  • Pretexting – The scammer comes up with a story – or pretext – to fool you into providing information or access to a service or system.
  • Baiting – The scammer promises to give you something – such as free music – in exchange for something – such as your login information.
  • Quid Pro Quo – The scammer offers you a service – such as free IT assistance – in exchange for something – such as your login information. Baiting typically uses a product to lure you in, whereas Quid Pro Quo typically uses services.
  • Tailgating or Piggybacking – Examples of this tactic include borrowing an employee’s laptop or asking an employee to hold the door open, so they don’t have to dig out their ID.

Develop a Culture of Caution

Lead by example. If employees see management following company policies, they’re more likely to follow them.

Train all new employees and provide ongoing training for existing employees to remind them of the dangers of social engineering and to keep them up-to-date on company policies and new threats.

Include information about social engineering in employee communications, such as employee newsletters, emails, bulletin boards, etc.

Encourage employees to question their actions. For example, if a delivery person or vendor wants to come behind the counter, are there any potential risks if the employee allows it? Is it okay to let this person into the facility without an ID? Does something seem off about this email?

Managed Security Protection

Up-to-date security software also helps prevent unauthorized access to data, and the good news is that you don’t need a dedicated, in-house IT team. Eberly Systems offers managed anti-spam plans and managed security plans to prevent email social engineering and to protect your IT system from a variety of security threats – from phishing to infections.

Call today at 610-374-4049 or find us online to learn about our proactive IT Managed Services Plans that are perfect for businesses that want to ensure that their systems and data are well protected.
