Social engineering is one of the methods used to steal passwords. Cybercriminals use it as one of the easy ways, other than technical attacks, to get hold of credentials. Social engineering is psychological manipulation: grooming and tricking people or employees into divulging credentials.
A typical example is an attacker calling your helpdesk, saying he is a user working for the company in XY department and needs his password reset.
A well-organised, professional IT structure requires users who have lost or forgotten their passwords to come in person and present an ID card to reset them, but smaller, less professional setups might permit users they know well to reset over the phone, based upon recognising their voices or answering some very basic cognitive questions. This type of policy is a recipe for disaster.
Other types of social engineering involve just trying to gain information about the target user or network the attacker wants to get into. The bad guy could pretend to be interested in a job and, during an interview, ask a human resources staffer about technical details of the network, users, services and so on to gain more intelligence about the company.
The last and most common example of social engineering is tricking someone into holding an access door open for the bad guy to enter a facility without identification.
How To Mitigate Social Engineering?
User training
Social engineering can be mitigated by providing cybersecurity awareness training to all your staff. Training can help prevent not only social engineering but also visits to the wrong websites and downloads of unauthorized software, which can cause serious damage leading to a denial of service (DoS). Training can help prevent this threat and many other threats to a network. Also, responsible network administrators train their users never to divulge their passwords to anybody for any reason.
Strict password policy
A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy has to be part of an organisation's official regulations and may be taught as part of security awareness training.
Useful link on easy passwords
I'd like you to watch the YouTube video below to understand how easy it is to crack easy passwords: https://youtu.be/RtUvMJFP_IE
If you found this short article useful, please share it with your friends, and if you would like some advice on how to secure your data, get in touch at info@securedtech.co.uk