3 Tips to Help Your Staff Thwart Phishing & Social Engineering

Kordel Eberly

Social Engineering is Costing Businesses Billions of Dollars Every Year

Help your staff thwart phishing and social engineering

The FBI defines social engineering as “the use of deception, through manipulation of human behavior, to target and manipulate you into divulging confidential or personal information and using it for fraudulent purposes.” Social engineering can occur in-person, on the phone, or through email and other electronic communications (known as phishing).

Social engineering is costing companies billions of dollars every year, and its employees who are most vulnerable to it. Why? Most employees are generally trusting and want to be helpful, they’re often short on time, and these scammers can be persuasive.

Anyone can be a target, from the receptionist to the owner of a company. Therefore, employees should be trained to recognize common social engineering and phishing tactics and what to do if they suspect it is occurring.

Here are Three Tips to Help Your Staff Thwart Phishing & Social Engineering :

Establish a Company Policy

You can implement certain procedures that will help reduce the possibility of social engineering. Make those procedures company policy, and make sure employees understand those procedures. Some examples of policies may include the following:

Only use USBs from the IT department
Never click on an email from someone you don’t recognize
Document and report suspicious situations (make sure they know how and to whom they should report it)
Report lost or stolen badges immediately
Never respond to money transfer requests by email

Train Your Employees

Hold mandatory social engineering training for all employees. Make sure the person providing the training – whether it’s someone from within your organization or a hired professional – is qualified.

The training should teach employees the potential consequences of social engineering and how to recognize, thwart, and avoid social engineering. It should be engaging and interactive and include examples and the opportunity for employees to act out specific scenarios.

Those on the front line – such as receptionists – should receive additional training, as they are more vulnerable to social engineering.

Here are a few of the more common social engineering scenarios that your employees should be able to recognize:

Phishing – This is the most common type of social engineering. The scammer typically tries to get private or personal information, get you to click on a link, or create a sense of fear or urgency to get you to respond quickly – without thinking first.
Pretexting – The scammer comes up with a story – or pretext – to fool you into providing information or access to a service or system.
Baiting – The scammer promises to give you something – such as free music – in exchange for something – such as your login information.
Quid Pro Quo – The scammer offers you a service – such as free IT assistance – in exchange for something - such as your login information. Baiting typically uses a product to lure you in; whereas, Quid Pro Quo typically uses services.
Tailgating or Piggybacking – Examples of this tactic include borrowing an employee’s laptop or asking an employee to hold the door open, so they don’t have to dig out their ID.

Develop a Culture of Caution

Lead by example. If employees see management following company policies, they’re more likely to follow them.

Train all new employees and provide on-going training for existing employees to remind them of the dangers of social engineering and to keep them up-to-date on company policies and new threats.

Include information about social engineering in employee communications, such as employee newsletters, emails, bulletin boards, etc.

Encourage employees to question their actions. For example, if a delivery person or vendor wants to come behind the counter, are there any potential risks if the employee allows it? Is it okay to let this person into the facility without an ID? Does something seem off about this email?

Managed Security Protection

Up-to-date security software also helps prevent unauthorized access to data, and the good news is that you don’t need a dedicated, in-house IT team. Eberly Systems offers managed anti-spam plans and managed security plans to prevent email social engineering and to protect your IT system from a variety of security threats - from phishing to infections.

Call today at 610-374-4049 or f ind us online to learn about our proactive IT Managed Services Plans that are perfect for businesses that want to ensure that their systems and data are well protected

< Older Post Newer Post >

Mail

Catching the Big Phish

By Eberly Systems • September 20, 2024

We're all in the same boat trying to avoid cybercrime! Here's our top ways to identify a potential phishing attempt.

Key Notes from the Security Team: Q3 2024

By Eberly Systems • September 10, 2024

Focus on integrating with new team members and new customers

Key Notes from the Security Team: Q2 2024

By Eberly Systems • July 9, 2024

Keeping you abreast of security news

Eberly Systems Acquires Lebanon County LYLAB Technology Solutions

By Eberly Systems • May 2, 2024

West Lawn, PA, May 2, 2024 — Eberly Systems , the West Lawn-based managed IT services and managed voice provider, today announces its acquisition of the Lebanon-based LYLAB Technology Solutions. Eberly Systems seeks to further a movement of people who are motivated and equipped to make a difference in their world through their daily work. They believe in building lasting partnerships based on trust and transparency while delivering industry-leading solutions to support and protect critical business assets. Driven by the principles of people, excellence, integrity, and stewardship, the team prides itself on partnering with companies to securely, reliably, and efficiently grow their businesses. “We cannot be more excited to join forces with the LYLAB team,” comments Kordel Eberly, Eberly Systems President & Founder. “ The integration of LYLAB Technology Solutions into Eberly Systems solidifies our commitment to providing small businesses with unparalleled service and support. We’re proud of this new opportunity to carefully design and manage the IT infrastructure and systems of even more local businesses and communities.” The acquisition solidifies the Eberly Systems commitment to supporting businesses in Lebanon County. Merging the two teams together as one entity offers the collective team the benefit of enhancing capabilities, refining processes, and extending reach to better serve the evolving needs of small businesses in the surrounding area. Future plans include expanding their presence into Lancaster County.

Navigating Small Business Success: The Power of IT Outsourcing for SMBs

By Eberly Systems • January 16, 2024

A trusted MSP can be your invaluable strategic partner.

Enhancing Business Security and Productivity with Microsoft Office 365

By Eberly Systems • January 2, 2024

These 5 key features of Office 365 Business Premium make it essential for businesses to have.

Key Notes from the Security Team: Q4 2023

By Eberly Systems • December 19, 2023

Eberly Systems has been hard at work over the last year in a concerted effort to enhance the security posture of our clients’ information technology environments. Here are the quarterly updates.

Customer Success Story: Construction

By Eberly Systems • July 3, 2023

After years of steady growth, the workforce at a construction development and property management company was becoming increasingly frustrated by disorganized data. Eberly Systems deployed a hybrid cloud storage solution for efficiency and secure data access.