HP Technology at Work
The must read IT business eNewsletter
Scams and hacks: Is your business a target for the new con artist?
You work hard for your business. You’ve logged endless hours. You’ve put blood, sweat and tears into making your business successful. Today, it’s easier than ever for social engineers and hackers to take everything you’ve put into your business (and then some) in the blink of an eye.
What are social engineers? Social engineers are con artists who take advantage of human behavior to pull off a scam. They manipulate businesspeople into trusting and helping them get the information they desire, using whatever tactics necessary.
In the past, these con artists could do things like dress up as a police officers or firemen, using their ”authority” to retrieve information in person—something we still have to constantly look out for. Similarly, dumpster divers and identity thieves can get their hands on sensitive documents that aren’t disposed of properly, or steal confidential paperwork like tax returns from open and unlocked mailboxes.
More recently, however, social media websites, rather than in-person attacks, have been at the center of these manipulations. According to CNET, one in 400 internet links are malicious, and botnets are growing in offices around the world . A botnet is a collection of computers that are tricked via social engineers to run malicious, harmful software and spread its effects throughout businesses. Social engineers target small businesses for countless reasons, including:
- Poor network security makes it easy for anyone to hack into your network and retrieve information not intended for their eyes.
- Giving out information on public databases, like Facebook or other blog sites, provides identity thieves with all the information they need from you.
- Poorly monitoring finances can make you miss someone committing bank fraud—or opening an account in your company’s name without your knowledge.
- Poor email standards can provide anyone with whatever they want to know about your business—especially when your employees are including confidential information in their emails.
Here are some ways you can prevent your business from being targeted and falling victim to these savvy con artists:
- Protect your printed information by making sure you’re properly shredding documents and other material that should remain confidential. Keep your mailbox locked, or have your tax return directly deposited into your account.
- Protect your data and choose a quality router, such as NETGEAR, and secure it with a passphrase, rather than password to reduce risk. A passphrase is a sequence of words, rather than one simple word or letter/number combination. These provide more security and are easier to remember.
- Protect your social media profiles by carefully choosing what information you post and by only interacting with contacts you know you can trust. Links, fragmented language and requests for any type of information should be viewed as suspicious.
- Protect your banking. In addition to monitoring your accounts frequently, electronic monitoring services like MyID.com offer alerts when an account matching your business name has been opened.
And here’s an important rule of thumb that will help you protect yourself and your business: if you wouldn’t say it out loud in public, don’t put it in an email or post it online.
Knowing how social engineering works might make you wary of every person walking into your office or sending your employees emails or friend requests, but staying current on security trends takes away some of the vulnerability of your business. Being certain you know exactly who you’re providing information to is key—it only takes minutes to make sure, and could save your business. Be sure you have properly secured your cloud identity if you have one and, to be extra cautious, HP offers an Identity Driven Manager Software Series, which enhances network security.
 CNET, February 2012