So just how are hackers able to penetrate all these huge businesses? Look no further than employee behavior—not an inside job, but innocent employees being tricked by the hacker.
A recent survey commissioned by Intel Security reveals that five of the top seven reasons that a company gets hacked are due to employee actions.
One of the things that make it easy to trick employees into giving up critical information is the information employees share on social media about their company.
People just freely post things and tweet all day long about company matters or other details that can be used by a hacker to compromise the company. What seems like innocuous information, such as referring to a company bigwig by their nickname, could lead to social engineering (tricking users into believing the request is legitimate so the user gives up sensitive information).
Between social media and the golden nuggets of information on Facebook, Twitter, LinkedIn and other platforms, hackers have a goldmine right under their nose—and they know it.
3 Key Pathways to Getting Hacked
- Ignorance. This word has negative connotations, but the truth is, most employees are just plain ignorant of cybersecurity 101. The survey mentioned above revealed that 38% of IT professionals name this as a big problem.
  - Do not click on links inside emails, regardless of the sender.
  - Never open an attachment or download files from senders you don’t know or only know a little.
  - Never visit a website on the job that you’d never visit in public. These sites are often riddled with malware.
- Gullibility. This is an extension of the first pathway. The more gullible, naive person is more apt to click on a link inside an email or do other risky things that compromise their company’s security.
  - It’s called phishing (sending a trick email designed to lure the unsuspecting recipient into visiting a malicious website or opening a malicious attachment). Even executives in high places could be fooled, as phishing masters are truly masters at their craft.
  - Phishing is one of the hacker’s preferred tools, since the trick is directed towards humans, not computers.
  - To check if a link is going to a phishing site, hover your cursor over the link to see its actual destination. Keep in mind that hackers can still make a link look like a legitimate destination, so watch out for misspellings and bad grammar.
- Oversharing. Malicious links are like pollen—they get transported all over the place by the winds of social media. Not only can a malicious link be shared without the sharer knowing it’s a bad seed, but hackers themselves have a blast spreading their nasty goods—and one way of doing this is to pose as someone else.
  - Be leery of social media posts from your “friends” that don’t seem like things they would normally post about. It could be a hacker who is using your friend’s profile to spread malware. Really think…is it like your prude sister-in-law to send you a link to the latest gossip on a sex scandal?
  - Don’t friend people online that you don’t know in real life. Hackers often create fake profiles to friend you and then use their network of “friends” to spread their dirty wares.
  - Take care about what you post online. Even if your privacy settings are set to high, you should think that when you post on the Internet, it’s like writing in permanent ink—it’s forever. Because did we all really need to know that time you saw Kanye from afar?
All of us must be coached and trained to keep ourselves and our workplaces safe, and that starts with practicing good cyber hygiene both at home and at work.
Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!