What are Social Engineering Attacks and How Can You Prevent Them? – Small Business Trends

Do you know what a social engineering attack is? If you say you are not worried about it because you have a strong anti-virus/malware solution in place, that solution won't help you at all.

This video shows just how easy and scary social engineering attacks are.

This is because social engineering exploits human behavior and not the vulnerabilities of your software or hardware. And this is why your cybersecurity strategy has to change and adapt to address the different ways cybercriminals are launching attacks.

According to a new report from GetApp, only 27% of businesses are providing social engineering training for their employees. Considering October was National Cyber Security Month, the data from GetApp is timely and insightful.

The report is titled "10 Cybersecurity Statistics That Every Business Should Know." According to the report, the complexities of the IT security landscape require an array of training on many topics. Unfortunately, businesses often provide security training only on a portion of these concerns while leaving employees in the dark on others.

The FBI says social engineering is designed to get you to let your guard down. It goes on to say it is a common technique criminals, adversaries, competitors, and spies use to exploit people and computer networks. Why? Because it doesn't require technical skills.

Social engineering attacks use deception to manipulate the behavior of people. The goal is to talk the person into divulging confidential, personal and protected information. When they get this information, the scammers use it to go after their final target. And the final target can be everything from sensitive data to making disparaging remarks about a person, political candidate, or even a brand.

In the past, these very same criminals might have been called con artists or grifters, but the premise is the same: gain the trust of the person being scammed.

The one thing you should know about social engineering attacks is that they are always evolving. For this reason, you have to train your employees on a regular basis, because you never know what the next form of attack will be.

Some of the types of attacks which criminals use are:

Pretexting: Attackers pretend to need personal or financial information to confirm the identity of the recipient.

Water-holing: Attackers infect a website to compromise people who frequently visit that site to gain network access.

Diversion Theft: The scammers trick delivery or courier companies into dropping a package at the wrong address by intercepting the transaction.

Quid Pro Quo: As the name implies, attackers promise the victim something in return for information or help.

Phishing and SMishing: Phishing attacks use email and SMishing uses text messages to get the end-user to click on a malicious link or download. Considering 91% of successful attacks start out as a phishing email, it is especially important to increase awareness of these types of attacks.

Honey Trap: Attackers pretend to be an attractive person and start a fake online relationship to get sensitive information.

Baiting: Attackers leave a device infected with malware, such as a flash drive, in a place where it can be found easily. When the drive connects to a computer, it installs the malware.

These are just some of the social engineering attacks scammers use; there are others, and the criminals are undoubtedly creating new ones at this very moment.

Awareness is key for protecting your business against all forms of attack, whether it is in the physical or digital world. Conversely, social engineering attacks rely on the complacency of the people they target.

With that in mind, you have to eliminate the behaviors which are responsible for any complacency in your organization. And this means going against innate traits people have, such as trust and willingness to help others. Given these points, you have to insist your employees verify, verify, verify.

The three-step system to verify a request comes from Kevin D. Mitnick, a real-life hacker, and his book, The Art of Deception: Controlling the Human Element of Security.

At first glance, this may seem simplistic. However, if someone you don't know is requesting some information, you will know who they are if you follow the steps.

With these three simple steps, your data will never be given out to the wrong person. It is worth repeating: your employees can't be lax in following these steps, and they can't make any changes to them.

Some of the other ways you and your employees can protect yourselves and the business include:

The criminals are going to throw everything at your employees to get them to overlook a step, and the second they do, your data is in danger.

Strong, strict governance with accountability can make this work. Best of all, it won't cost you anything.
