Protecting the data, valuables and account information related to your business has become even more vital as our workplaces have become more dispersed, remote and reliant on the cloud, and the range of threats has only increased.
Having high levels of technical security, such as virus scanners, spyware detection and two-factor authentication on all of your business accounts, is the first part of ensuring your business assets are protected. However, there is also the human factor to consider.
A growing number of threats involve the use of social engineering, which is where a person, rather than a system, is manipulated to provide information, account details, passwords or even money and bank details.
Robert Cialdini suggested that there are six principles that can be used to influence people, and so the people most likely to fall for scams or be manipulated will likely be driven by one of these principles.
Here are the people who are likely to be targets of social engineering.
Many of us live by the concept of the “golden rule”, that we should treat others the way we have been treated. If we are given a gift we like to give one back, or at least give thanks. In a workplace, helping out someone often gets help back in return, as well as happiness and social capital.
However, this rule can be manipulated by bad actors to steal information by appealing to a person’s sense of fair play. For example, they will offer compensation, refunds or prizes in draws you have not entered, but say they just need your bank information to get it to you.
Make sure you know who you are in contact with before providing any sensitive information, even if they act as if you owe them a favour.
Consistency and dedication are incredibly positive traits in the workplace because bosses know that if a task is set it will be completed to the best of a person’s ability.
However, one less positive aspect of this is that if you commit to a goal, such as a sale or to help someone gain access to large amounts of money of which you will get a share, you are more likely to honour that commitment even after the motivation to do so disappears.
This is why we will often throw good money after bad, or continue to gamble after losing money. Always keep in mind that you can, and in some cases must, walk away from a scam.
People obey authority figures, and social engineers know this. This is why so many scams appear to be from some kind of official source.
A great example of this is text messages and emails that appear to be alerts from banks, the police and tax services requiring an urgent payment.
People like to follow the herd, especially if they don’t know what to do in a situation, and we will often do what other people tell us is right. This is why canned laughter is used in sitcoms to highlight where a joke is supposed to be.
An example of this being misused is scams involving fake testimonials, which give a false impression of a product or service’s authenticity and quality.
How much we can be influenced and persuaded by someone is so often based on whether we like them, and it can affect our buying decisions.
This aspect of social engineering is a lot broader than the others but can involve positive reinforcement in telephone conversations, having a “trustworthy” voice or look, and in some cases physical attractiveness.
Time is a huge part of social engineering, and perceived scarcity creates a psychological demand. Many textbook scams and social engineering tricks involve offering prizes or major discounts, but only for a limited time.