Despite all the news your customers might hear about hackers simply penetrating IT networks from outside, things are rarely so simple. IT support experts such as yourself know that hackers generally need to create points of entry that they can use to get into a company’s computers and networks. Your IT marketing needs to let customers know that doing this often involves research and preparing a methodology that allows the hackers to exploit potential weaknesses.
Social Engineering
Manipulating humans to gain valuable information and even access is known as social engineering. Be sure to let your customers know that hackers use social engineering in a bid to trick their employees into giving up either their computer security credentials or just vital bits of information that the hackers can then use with another employee. Whether it means talking to one employee or several, the hackers will make every attempt to gather enough information.
What is Enough Information?
Enough information is simply everything a hacker needs to gain access to your computer network. It could be nothing more than an email address, but typically, the hacker needs to know more. What is the job title of the person with that email address? What projects are they involved in? Who do they work for?
Advanced Persistent Threat
The most common type of hacking attack on businesses is not one that does immediate damage. The reality is that today’s commercially motivated hackers want to gain entry to your network and lie there in hiding. They aim to sit there in the shadows, monitoring the passing data for nuggets of gold. They will try to siphon out valuable proprietary information. The objective isn’t to cause malicious damage; the objective is to steal business data that can be turned into money.
Staying Safe
To help your clients stay safe, it’s important to educate them on potential vulnerabilities and to make sure their employees are aware of the most common techniques for avoiding exploitation by hackers. Their employees should know the following safety tips:
• Unsolicited Communications – Whether it is on the phone or via email, never simply respond to unsolicited communications. Always verify the identity of the person seeking to make contact. One way to do this is to call the person back on a verified phone number.
• Powerful Password Etiquette – There are two rules for powerful password etiquette: create strong passwords and change passwords frequently. The longer passwords are, the better. Always mix upper- and lowercase letters and include numbers and symbols. If possible, use passphrases instead of passwords. For greater security, use 2FA (two-factor authentication). Change passwords every few months and never share any passwords.
• Never Open Unsafe Attachments – Do not open attachments from sources that haven’t been verified and validated. This includes office documents, PDF files, videos, and images. Use email scanning systems, and don’t allow parallel email access (i.e., via personal web email).