AXEL Network Products:

AXEL GO - share and store files securely.

LetMeSee - photo sharing app.

  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

AXEL.org

  • Network
  • Technology
  • Applications
  • Blog
  • About
    • Team
    • Press
    • Careers
    • Patents
  • Contact Us
  • Login
    • AXEL Go
    • AXEL Cloud

April 29, 2022

What Do We Do About Social Engineering?

We hear about ransomware schemes all the time, from the Colonial Pipeline attack to personal PC breaches[1]. These attacks involve an unauthorized party slipping into a secure system and locking users out of their data. Imagine that you stroll into the office one day and can’t get to work until your company pulls together thousands of dollars. The popular image of a hacker prying their way into a system involves rapidly striking a keyboard and slipping in through a digital backdoor. The truth, however, is often much more clever and sophisticated. 

Social Engineering Basics 

Social engineering takes the digital security fight offline. Hackers operate similarly to con artists. They take time to research their targets. Social media accounts are combed through for hints. They compile employment rosters, gather contact information, and learn everything they can about a company’s standard operating procedure[2].  

Social engineering has become an intricate process these days. Hackers have the opportunity to falsify credibility in ways we haven’t seen in the past. The ability to “spoof” a phone number is the ability to make it seem like they’re calling from a phone number that belongs to another person or organization. Spoofing is a powerful tool in the hacker’s kit. By spoofing the right number, they can convincingly pose as the representative of a client, a colleague in a distant department, or authority figures like the police or government officials[3]. 

Many social engineering tactics rely on following breadcrumbs until they can dig up login credentials, but a majority of them leverage fear and urgency in their information gathering excursions. These attempts to get information out of people can come in the form of false subpoenas, investigative claims, or bank phone calls. 

Businesses that deal in online spaces need to be particularly careful when it comes to social engineering. If your cybersecurity is robust and your digital hygiene is pristine, social engineering attacks may be the final opening in your armor.  

Protect Your Secrets 

Social media posts about work may, in most cases, be harmless, but with enough employees making enough posts about privileged information will lay bare the secrets of a workplace. Tweets complaining about the email services or storage solutions can turn into ammunition for a clever hacker. Photos of office spaces can be a peek into the hardware and internet infrastructure of an office, giving an innovative way in for the hackers. Workplace policies that prohibit social media posts about internal processes go a long way when it comes to preventing hacking attempts. 

If your business involves exchanging personal information with clients via the phone or email, social engineers will, with time, work out who those clients are. Once a social engineer works out who your common points of contact are, they will often opt to pose as tertiary collaborators. With a handful of details, a hacker can create a convincing profile of a person that never existed. Be wary at work when a “new employee” calls for information your clients already have.  

Disengage and Verify 

When phone calls come from a number you recognize, but the caller’s behavior seems incongruent, take a minute to gather information of your own. If the police call and they’re demanding login information to “investigate a case,” gather information of your own before handing anything over. Badge numbers, and officer names are pieces of information you’re entitled to. Ask to call back and contact the police on your own. Contacting the organization a spoofed number claims to be from on your own is one of the best ways to verify the legitimacy of a call or text message. Bank scams and IRS fraud will similarly fall apart under his degree of scrutiny. This also works to break apart social engineering attempts when the culprit poses as a representative of your clients. Any request for sensitive information should be verified ahead of compliance.  

Practice Password Security 

If a successful social engineering attack happens in your workplace, a diverse pool of passwords will protect the office from widespread damage. Successful data breaches thrive when a single password grants access to more than one security system. Diversity in passwords will save you a ton of time and headache in the event something goes work. We also recommend never storing a password [4] in a document on your computer. If a hacker gets access to your machine and finds that, then your security breach’s damage will quickly spill out onto other corners.  

Decentralize Your Workplace 

The end goal of any social engineering is to steal private information or otherwise disrupt a business’s ability to continue work without paying a ransom. Decentralized storage is, by far, one of the best ways to keep this from happening altogether. Data backups stored offsite in decentralized servers are going to be secure in the face of a data breach in the workplace.  

Let AXEL Help 

AXEL is a decentralized storage solution for all of your storage and file-sharing needs.  

You can try AXEL Go Premium with all features unlocked free for 14 days. Sign up today and see how AXEL Go can improve your workflow and supplement your organization’s cybersecurity. 

References

[1] Touro College. “The 10 Biggest Ransomware Attacks of 2021.” Touro College Illinois. Touro College, November 12, 2021. https://illinois.touro.edu/news/the-10-biggest-ransomware-attacks-of-2021.php 

[2] Kaspersky. “What Is Social Engineering?” usa.kaspersky.com, March 9, 2022. https://usa.kaspersky.com/resource-center/definitions/what-is-social-engineering 

[3] 29, Ray March, JamminJ March 29, The Sunshine State March 29, Gary March 29, Hal March 29, Ferdinand March 29, Nope March 31, et al. “Hackers Gaining Power of Subpoena via Fake ‘Emergency Data Requests.’” Krebs on Security, March 29, 2022. https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/ 

[4] “Password Safety.” Technology Safety. Accessed April 27, 2022. https://www.techsafety.org/passwordincreasesecurity 

Filed Under: Cybersecurity Tagged With: communication, customer data, cybercrime, data analytics, data privacy, data protection, marketing, Security, Social Media, technology

Primary Sidebar

Recent Posts

  • AXEL News Update
  • AXEL Events
  • Why Digital Sharding is the Future of File Storage
  • The Practical Applications of Web3
  • Archival With the Future in Mind
  • IPFS: Securing Our Privacy Future
  • What Do We Do About Social Engineering?
  • Five Simple Security Tricks
  • IPFS: The InterPlanetary Solution to Small Business Problems 
  • Schools: Our Cybersecurity Blindspot
  • The State of Privacy Laws in 2022
  • The Great Return (Back to the Office)
  • Artificial Intelligence is Here to Stay. How Will That Affect Businesses, Individuals, and Our Privacy?
  • Big Tech is Talking Privacy. What Does That Mean for the Future of Our Data?
  • How Technology Changed Business (And What That Means for the Future of the Industry)
  • Small Business Tech Trends of 2022
  • After the Cyberattack: What Happens to your Data Following a Breach?
  • Has School Surveillance Gone Too Far?
  • What Does Cyberwarfare Look Like? Just Ask Ukraine.
  • National Data Privacy Day: The Internet isn’t Anonymous Anymore
  • AXEL’s Guide to Remote Work
  • How Law Firms Should Handle Cybercrime
  • National Technology Day: How Tech has Changed the Way We Live
  • The World’s Top Hacking Groups – Part 2
  • The World’s Top Hacking Groups – Part 1
  • 2021 Cybersecurity Year in Review
  • INTERVIEW: How COVID Changed the Courtroom (and the Future of Law)
  • Enron, Ethics, and the Fight for Privacy
  • The History and Modern Uses of Encryption
  • Self-Driving Cars are Here. Are Businesses, Consumers, and Lawyers Ready?
  • Cybersecurity Strategies for Small Businesses and Firms
  • Is Virtual Reality the Future? Facebook Thinks So.
  • Devastating Data Breaches – Part 5: Facebook Dismisses Data Security
  • Devastating Data Breaches – Part 4: How Target Changed Credit Cards
  • Devastating Data Breaches – Part 3: The Negligence of Equifax
  • Devastating Data Breaches – Part 2: Marriott’s Merger Misfire
  • Devastating Data Breaches – Part 1: The Hard Fall of Yahoo
  • Everywhere is the New Office: The Rise of Digital Nomads
  • Convenient or Monopolistic? Epic’s Challenge to Apple’s “Walled Garden”
  • The State of Privacy Laws in the United States
  • Big Tech’s Big Secret: Why Google and Apple Want Your Data
  • Data Privacy and Security Increase Profitability in the Cannabis Industry
  • Bitcoin has Entered the Mainstream. Now What?
  • Data Breaches are Here to Stay (For the Unprepared)
  • What the New Infrastructure Bill Means for Tech
  • Shady Schemes and Sinful Scams: The History of Internet Spam
  • Lawyers are the New I.T.: Tech Tips for Legal Professionals
  • For Here or To Go? Remote Work, Hybrid Offices and the Future of the Workplace
  • The Fallout of Edward Snowden and his Leaked Documents, Eight Years Later
  • Another Day, Another Cyberattack: Kaseya Software and the Future of Ransomware

Recent Comments

    Footer

    Sitemap
    © Copyright 2022 Axel ®. All Rights Reserved.
    Terms & Policies
    • Telegram
    • Facebook
    • Twitter
    • YouTube
    • Reddit
    • LinkedIn
    • Instagram
    • Discord
    • GitHub