9 Ways to Train Your Employees to Recognize Hack Attempts
Employees have been tricked by many forms of social engineering. Here are nine steps that companies can take to fight social engineering attacks.
1) Create a human firewall by training your staff to recognize social engineering attacks when they see them.
2) Conduct frequent, simulated social engineering tests to keep your employees on their toes.
3) Conduct a phishing security test. Here's a link to a free test -
4) Be on the lookout for CEO fraud. These are attacks in which the attackers create a spoofed email that appears to be from the CEO or other high-ranking officer directing actions such as transfers of money on an urgent basis.
5) Send simulated phishing emails to your employees and include a link that will alert you if that link is clicked. Keep track of which employees fall for it and focus training on those who fall for it more than once.
6) Be prepared for "vishing," which is a type of voicemail social engineering in which messages are left that try to get action from your employees. Those may appear to be calls from law enforcement, the IRS, or even Microsoft Tech Support. Make sure your employees know not to return those calls.
7) Alert your employees to "text phishing," which is like email phishing but with text messages. In this case, the link may be designed to get sensitive information, such as contact lists, from their mobile phones. They must be trained not to touch links in text messages, even if they appear to be from friends.
8) USB attacks are surprisingly effective and they're a reliable way to penetrate networks. The way it works is that someone leaves USB memory sticks lying around in restrooms, parking lots, or other places frequented by your employees. When employees find and insert them into their computer—and they will if they're not taught otherwise—then the malware on them gets into your network.
9) The package attack is also surprisingly effective. This is where someone shows up with an armload of boxes (or sometimes pizzas) and asks to be let in so they can deliver them. While you're not looking, they slip a USB device into a nearby computer.
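As an added example for step 5 (not part of the original article), here is one way to turn a click-tracking export into a list of employees who need focused training. The CSV layout, campaign names, and addresses are constructed assumptions; adapt them to whatever your simulation tool exports.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export from a simulated-phishing tracker (not real data).
# Column names, campaign ids and addresses are assumptions for this example.
SAMPLE_LOG = """campaign,employee,event
q1-invoice,alice@example.com,sent
q1-invoice,bob@example.com,sent
q1-invoice,carol@example.com,sent
q1-invoice,alice@example.com,clicked
q1-invoice,alice@example.com,clicked
q1-invoice,bob@example.com,clicked
q2-parcel,alice@example.com,sent
q2-parcel,bob@example.com,sent
q2-parcel,carol@example.com,sent
q2-parcel,alice@example.com,clicked
q2-parcel,Carol@example.com,clicked
q3-hr,alice@example.com,sent
q3-hr,bob@example.com,sent
q3-hr,bob@example.com,clicked
q3-hr,carol@example.com,clicked
"""

def repeat_clickers(log_text, threshold=2):
    """Map each employee who clicked in >= threshold distinct campaigns
    to the sorted list of those campaigns."""
    sent = defaultdict(set)
    clicked = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        who = row["employee"].strip().lower()  # normalise address casing
        if row["event"] == "sent":
            sent[who].add(row["campaign"])
        elif row["event"] == "clicked":
            # A set means several clicks in one campaign count once.
            clicked[who].add(row["campaign"])
    result = {}
    for who, campaigns in clicked.items():
        # Ignore clicks on campaigns never sent to this person
        # (e.g. a forwarded message), so the count reflects their own mail.
        valid = campaigns & sent[who]
        if len(valid) >= threshold:
            result[who] = sorted(valid)
    return result

if __name__ == "__main__":
    for employee, campaigns in sorted(repeat_clickers(SAMPLE_LOG).items()):
        print(f"{employee}: follow-up training ({', '.join(campaigns)})")
```

Counting distinct campaigns rather than raw clicks keeps one employee who clicked the same link several times from looking like a repeat offender.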
The only way to fight social engineering is to actively engage your employees in spotting such attacks and calling them out. Done right, your employees will actually enjoy the process—and you'll sleep well, too.