How are Organizations Helping Hackers?
With the constantly evolving technology, Hacker’s techniques are also advancing. And this is something that puts tremendous pressure on Organizations to constantly update their security measures so as to keep their data secure.
Hackers can not only expose crucial company information, but sensitive customer data as well, that can lead to potentially devastating effects. Therefore, any Business in any industry must realise that cybersecurity is an important aspect. Without proper prevention, you may fall prey to network hacking in the near future.
Most of your employees might be aware of not sending a password via email or opening a strange attachment from someone they don’t know. But do they know that posting photos of their badges on social media or revealing details about internal software in job descriptions can cause a lot of harm. There are many ways Organizations and their employees unknowingly give cybercriminals a helping hand. Here are five ways your Organization may be risking your network’s security:
A Picture or a Video can say a lot
The most common slip up that happens in companies is oversharing online, especially on social media. For instance, Human Resources sharing photos and videos to attract job applicants, interns posting photos of new badges or employees sharing photos of any office celebration.
Attackers can use a lot of things from these photos and videos to their advantage, like company badges or information on whiteboards. Office pictures can show an attacker how desks and cubicles are laid out, what type of computers are used by employees, the programs, email clients, and browsers they’re running. Employees accidentally make it easy for hackers to duplicate and impersonate and have knowledge they shouldn’t have.
Overly detailed job postings
An innocuous job posting may give attackers the exact information they need. Many Organisations go into very specific detail about the internal software they use, which gives a lot of insight to attackers about the internal structure. An attacker with knowledge of the company’s software will know exactly what he needs to break in. If he doesn’t want to develop malware, he may use this knowledge to create a phishing campaign and lure victims based on the software they’re using.
Your Email Signature
Many employees respond to phishing emails in order to prove that they can’t be fooled, instead they play right into attackers’ hands. It proves to intruders that a legitimate person is at the other end. They understand the company’s email format, which is more like a formula they can use to identify and target other people within the same Organization and they may also target other details like office phone number and extension, mobile phone number, social media handles, and/or website link in a signature, which can be fruitful for future phishing attacks.
Out of Office Emails
Automatic replies and out-of-office emails are the most common ways companies make themselves vulnerable. Employees often include a precious amount of detail, which is enough for an intruder to take advantage. For example, “Hi, this is John. I am away for vacation. For project X, contact X person at X email address; for project Y, contact Y person at Y email address.”
Full names, project names, and even contact details in an automatic reply makes it easy for attackers to target people. Using this information, they can email another employee with the company and pretend to be working with John on a project, obtain sensitive data, or request a wire transfer.
Failing to verify callers
One of usual pen-testing tactics is caller ID spoofing. If someone calls, people usually don’t question, they are used to seeing that IT is calling or human resources is calling. Security training programs tell employees not to share their passwords, but they do not emphasize the importance of questioning and verifying phone calls. Caller ID spoofing and SMS spoofing are huge and both are fairly easy for an attacker to pull off.
Education is the first step towards preventing employees from accidentally leaking data. Beyond educating employees, companies should also teach them what to do if they spot them. Actionable policies should dictate the steps for employees to take when they fall for a phishing scam.
Cybersecurity Experts at Neumetric suggest that teaching employees not to share information that could be used to assume their identities is the first step. But along with this, employees should adopt multi factor authentication, so that it is harder for attackers to pretend to be someone they’re not.
Neumetric, a cyber security services, consulting & products organization, can help you reduce your security cost without compromising your security posture. Our years of in-depth experience in handling security for organizations of all sizes & in multiple industries make it easier for us to quickly execute cost-cutting activities that do not bring value to you, while you continue focusing on the business objectives of the Organization.
