Cyber Security: The Rising Risk of Social Engineering

Cyber-security has been a subject of increasing importance for years however, with the increase in remote working due to the COVID pandemic, the threat of cyber attacks is even more prominent. Cyber-attacks using social engineering have become more prevalent and frequently go unrecognised until it’s too late.

 

What is Social Engineering?

Social engineering involves manipulation with the intention of gaining access to private intellectual property or information. Tactics include, but are not limited to: persuasion, impersonation and intimidation. The key methods of social engineering are:

  • Phishing emails
  • Fraudulent online offers
  • Telephone scams

 

Why has Social Engineering risen during lockdown?

Unsurprisingly, most employees will not have the same level of cyber-security in their homes as they have in their workplaces. As such, cyber-crime has become an increased threat since the start of lockdown for organisations of all sizes and across all industries. Somewhat more shocking is the reports of perpetrators launching coronavirus-themed attacks, often in the form of phishing emails, in attempt to manipulate recipients into revealing personal information via fear tactics. Phishing emails can also carry ransomware which encrypt files and hold them hostage until the victim pays a ransom. However, there is no guarantee the files will be released even if a ransom is paid and paying can make your business a target to other hackers.

This highlights the importance of vigilance among both employers and employees alike.  

 

How to stay Cyber-secure

Employees working remotely are more vulnerable to cyber-attacks which consequently increases the organisations’ exposure. Therefore, organisations must assess and address any and all potential risks and take precautionary measures such as:

  • Provide formal employee training, including guidance regarding specific threats and how to recognise them.
  • Limit employees’ abilities to access USB ports on company equipment in order to reduce the chance of a virus or malware affecting the device.
  • Use layers of protection, such as multi-factor authentication. If passwords are compromised, additional layers of protection reduce risk. External security services can also be utilised to strengthen cyber security measures.
  • Implement a Virtual Private Network (VPN) to mask organisational data such as web traffic.
  • Review user accounts and their level of access to sensitive information. Limiting access will reduce risk of compromise.

All industries must be aware of cyber security risks as every business will have important elements and sensitive information stored electronically and the consequences of cyber-attacks can be catastrophic. Ensure that you have a standalone cyber-liability policy as most standard property and liability policies exclude cyber related issues.

Contact us to discuss cyber-security insurance or any other policies.