Social hacking: Attacks that use people as a weak point

Cyber criminals use social hacking to gain access to areas that are well protected by technologies such as firewalls. To do this, they take the human route. This article explains how this works and how you can protect your company against it.

What is social hacking?

The method originates from so-called social engineering. Hackers try to manipulate someone into doing something that the hacker wants them to do. You are probably familiar with this, for example, in the simple form of spam emails that are intended to trick you into clicking on a dangerous link.

The extended form of this, social hacking, aims to use this method to gain access to a network or computer system. This works via unwitting employees who allow themselves to be manipulated.

It relies primarily on human traits such as trust or curiosity, usually paired with a little negligence.

One example would be if a hacker obtains information about a company via social networks and then poses as an administrator to an IT employee. The hacker uses the previously researched information to be credible and convince the employee. For example, he first talks about ongoing projects in the company and perhaps also mentions one or two names of employees that he has researched on the company website. Once the hacker has gained the employee’s trust, he asks for login details for a network that he supposedly needs. The negligent IT employee gives out the login details and the hacker has access to the network, where he can cause all kinds of damage.

Protection through employee vigilance

There is no technology against human negligence. Therefore, the only protection against social hacking is to train employees to handle data with care.

The most important tips for you and your employees to prevent social engineering and therefore hacking are as follows:

  • Never simply pass on information: Login data and other important information should only be passed on hierarchically. This means that an administrator would never receive such information from an ordinary employee, but would have to contact higher levels.
  • Do not click on anything if the source is not secure: A dubious link in an email is dubious for a reason. Under no circumstances should you click on or open something if it is not clear that it comes from a secure source.
  • Strengthening security awareness: The most important part of not falling for social hacking is not allowing yourself to be “talked into it”. Hackers are persistent and will not give up until they have the information they want. However, employees must also be persistent and never give up information, no matter how much pressure is exerted.
  • Understanding authorizations: Train your employees to know who has which authorizations. This prevents information from being passed on to someone who is only pretending to be authorized.
  • Only pass on information in person: Attackers usually make contact by e-mail or telephone. For this reason, no information should be passed on via these channels.

So the only protection is to be aware that social hacking exists and to set clear rules to prevent it. It is important that everyone takes the danger seriously and abides by the rules. Then it will be difficult for hackers to penetrate the system.