Even tech savvy IT pros with dozens of years in the industry behind back are sometimes falling for well-organized traps hackers are setting to get into your systems. The tough part is that most of the following dirty tricks may not be seen in common security testing sessions. It’s just that most of the combinations that will be listed below come from thinking outside the box. Luckily they are used repeatedly, hence personnel trainings will solve you a lot of trouble.
Enough with words and let’s get to business? What are hackers capable of nowadays?
- A tricky ‘lost’ flash drive. How does this scheme work? First of all malware is being downloaded to a drive and made to look like a fairly interesting file one may wish to open. Plenty ways of making the files look interesting exist. Social networks are a bottomless well of info that may be used against people. Just imagine you are walking through the company parkway and your eye catches a flash drive. You don’t know what’s inside, and when you take a peek you see a folder with pictures of the prettiest girl in the company. Or so says the folder name and you are opening those picks. Bang. Game over. Such flash drives are ‘lost’ in hope some worker will plug it inside his corporate PC. This scheme works unexpectedly well.
- Phishing e-mails. Times when phishing mail looked like a three year old was writing it with crayons and terrible English are long gone. Such mail is disguised as a letter from your insurance company or a bank, etc. It can even come from a coworker, relative or an old classmate. Luckily social media are allowing a lot of your personal info out lose. And you click on the link you were told to or enter your personal info. Bang. Trap is sealed. To prevent yourself from this scheme note that all phishing mail is designed for you to click on a certain link and/or enter personal data. Avoid doing so in your mailbox.
- Phones are presenting danger as well. Calls may be used to gather more data bout you or your company. Such data will be used at some point of a well-planned attack. As said above hackers are smarter and more skilled today. They are great at making long-lasting plans. If somebody’s asking you about personal info request a phone number and offer to call him back. Ask the caller more details on why and where’s he calling from. Get details about the company he represents. Google given answers. But you won’t probably have to as such behavior will lead the hacker straight to you due any person will start worrying in a situation the hacker ended up in.
- Email accounts have been endangered ever since they were created. Hackers are now (again) using social media to find out answers to the password reset question from the e-mail provider. How clever is that? Or they are attacking the provider with all means necessary. Either case is not good for you. All you can do is to think of a nice strong password and to choose service providers carefully. A company with a solid brand is harder to hack in 9 cases out of 10.
- Tailgating is the worst. You can’t even imagine how simple it is to simply pot on a T-shirt with your company logo and to walk inside your company, or to follow any employee to destination point. If a hacker is 100% confident in himself and is acting as he’s supposed to be there in a decent manner the ouds are he will achieve expected results without even breaking a sweat.
Only appropriate personnel trainings that will include updates and are regular will allow you to be more or less sure your company is safe. There is no other way.