When we think about network security for our business, it’s easy to focus on the technical side of things. After all, focusing on what you can control tends to give the illusion that you can control it all. We know how to install firewalls and antivirus software; we know how to encrypt our communications. The problem is, security isn’t just about technology—it’s about people. And people can be both your greatest security advocates and your weakest security links (leadership included). One of the most insidious ways in which attackers exploit this vulnerability is through social engineering.
Social engineering is the art of manipulating people into divulging confidential information they might otherwise protect. It’s a type of attack that relies on human psychology rather than technical exploits. Social engineering attacks can take many forms, but a few of the most common are phishing, pretexting and baiting.
Phishing is perhaps the most common form of social engineering. It involves sending an email, text or other message that appears to come from a trusted source, such as a bank or a social media site. The message typically contains a link that directs the victim to a fake website designed to look like the real thing. Once the victim enters their login credentials, the attacker can use those credentials to access the victim’s account...