Social Engineering On Your Phone
Almost every single person on the planet owns a smartphone. Communication with friends, family, or your work would be extremely difficult if you didn't own some sort of smartphone. Not only that, but our entire lives are often stored within our pocket-sized computers. Your phone may hold your banking information, credit card, and even the controls to your home security system. With so much of who you are inside your phone, it's no wonder cyber criminals see it as a gold mine. One of the biggest threats to your security is "social engineering," and your phone may be the easiest avenue hackers have to exploit you or your organization.
What is social engineering?
Social engineering is a method used by cyber criminals to psychologically manipulate their targets into giving up certain information or opening themselves up to malware. Criminals often go after login credentials such as usernames or passwords. Often, if a cyber criminal is able to obtain your login for one application, they can use that as a foothold into your entire IT infrastructure. These bad actors may pretend they're someone else in order to intimidate you into letting something slip, or lure you into a false sense of security in which you willingly give up information.
Someone may call you or send an email claiming they "are from support and need you to download this app ASAP in order to fix your computer," when in reality they are trying to get you to download malware or some other virus onto your system.
Another example of social engineering is when bad actors pose as a figure of authority in order to intimidate an employee. Someone could pretend to be a manager or executive within the company and demand login credentials or access to a part of the system they don't belong on. Oftentimes it's these emotions that hackers prey on when looking to breach an organization.
How is Your Phone Different?
When we think of cyber criminals hacking into a business or stealing information, we mostly think of PCs, servers, equipment, etc. We often forget that our personal phones could be just the backdoor cyber criminals need to access your organization.
Do you have your work email on your phone? That's a potential attack vector.
Do you access important files via your phone or tablet? Cyber criminals could have a field day there. While messaging apps such as Slack or Discord may make work communication easy, they aren't bulletproof when it comes to security either.
Just the other week, "Rockstar," a prominent game developer, was breached via a Slack channel. Slack is a messaging application that businesses use to facilitate communication between their employees via various direct messaging and channel features. Slack can be downloaded on a PC as well as in the form of an app for smartphones. The teenage hacker responsible for this breach used social engineering methods to gain the trust of Rockstar employees. By convincing an employee to hand over login credentials, he was able to join their Slack channel and access all sorts of private data.
Long story short, there are a multitude of reasons a bad actor would love access to your personal device. With so much of business having moved to remote work, it has become even more common for hackers to exploit employees' unprotected personal devices outside an organization's local network. Securing your smartphone as if it were your work computer is imperative to avoiding a potential data breach.
What Can You Do?
Oftentimes humans are your weakest link when it comes to security. One of the easiest things an organization can do is educate its employees about the dangers of social engineering, what it looks like, and how to respond. Security awareness training can teach individuals how to secure their personal devices as well as their work devices. Of course, training isn't the only thing you can do. Practicing good password hygiene is crucial to establishing an effective first line of defense for all of your applications.
Another practical step you can take is implementing multi-factor authentication. Having an alternate form of authentication can save you in the event that you do accidentally give up something important. These practices, alongside common-sense practices like not clicking on shady links or not responding to emails from people you don't know, can help protect you from the threat of social engineering.
Only 27% of companies provide employees with social engineering awareness training. That leaves many organizations far more vulnerable than they would be if they took this simple step. It also means close to 75 percent of organizations leave their employees to fend for themselves against masters of manipulation. (Get App)
Now it’s time to be aware of social engineering on your phone - check out CorpInfoTech’s Protect Yourself From Social Engineering
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.