Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity Education & Training

Avoid social engineering attacks and protect employees

By Adam Jackson
social engineering attacks and how to thwart them
November 11, 2020

Interest in digital security grew exponentially in 2020. From social media to voting to corporate software, speculation and potential breaches have been on the rise. Work from home has created a unique set of problems as well. As more corporations continue to push back the date of when employees can return to their offices, if they want to at all, company-owned computers and software are being used on unprotected internet access. Or worse, employees are using personal computers to get the job done. 

Most companies use VPNs to allow employees access to company resources and information from remote locations. If an employee's home network or device is compromised and it has access to the company's data via VPN, the entire company network is compromised. Additionally, all it takes is one wrong click from an employee working in a coffee shop for their computer to be publicly discoverable.

Social media is the second most valuable source of information used in social engineering attacks, behind readily available PII. Employees might not understand the insights that can be gained from their seemingly innocent posts. 

So what exactly is social engineering and how is it a risk?

Social engineering is a type of attack where the attacker attempts to create enough trust between themself and the victim to get the victim to do something, such as click a link, download a file or enter information.

It’s the type of scam we hope the elderly don’t fall for and end up emptying out their life savings. It's the kind of attack that looks friendly, not like something you should be weary about at all. But social engineering attacks can cause a whole slew of problems and cost a company a lot of capital.

Who’s at risk for social engineering breaches?

Everyone. 

Social engineering attacks happen millions of times a day. There are two broad types: general and targeted.

The general attack works like a mass mail campaign. Millions of emails or messages on social media are sent and the attacker is hoping 0.1% of people fall for the scam. This tactic can easily work on someone who isn’t familiar with how to vet links or who is too busy to fully read a message before acting on the request.

It’s important to double check where the email is coming from, what security encryption is being used, who your reply will go to and if the links go to where they say they will. One misstep and a hacker can get access to one small detail, that can spiral into something bigger.

Typically, your email platform will flag potential hacks like this as spam, but occasionally the hackers are so good and the content is so compelling that it ends up in an employee's inbox.

The other type of social engineering breach is a targeted attack where the attacker spends time gathering information about the victim and crafts a personalized message. High-profile individuals, wealthy people and company executives are the typical targets for this type of attack.

This is an easy scare tactic and if the attacker triggers the recipient in just the right way, they may panic and provide all of the information requested just to ensure they aren’t publicly embarrassed.

The personalized-message attack often ends up in the hands of the CEO or another executive who would have access to sensitive files and information.

Until recently, email was the dominant medium by a wide margin. However, recently, attackers have started to move to social media and text messages.

Many corporations issue employees both a computer along with a mobile phone, which can also provide access to private company information. And, with multiple family members home using the same internet network, vulnerabilities can happen.

So how can you protect your employees and organization?

  1. Use a VPN that has the ability to analyze traffic for malicious programs.
  2. Do anti-phishing training. If your company doesn't offer it, there are several free online courses.
  3. Use a reputable antivirus program.
  4. Educate employes on controlling personally identifiable information (PII) online.

In the event of a breach, understand the vector and intent of the attack. What was the attacker trying to get from the employee? That should inform all remediation steps. Common steps would be to inform necessary staff immediately, and the employee should lock his or her personal credit report and any other financials.

How can privacy software help?

As business owners already know, you have to spend it to make it. Strategically spent capital can open doors to increasing revenue, and also keep threats out.

A study by IBM showed the average cost of a data breach for a company is $3.86M. That is only the cost to remediate the attack and comply with reporting laws. The effects of the reputational damage to companies' bottom line is harder to calculate, but can destroy a company.

Investing in high-quality privacy software can help mitigate an attack before it becomes a financial and legal disaster. If a breach makes it through to an employee's technology, and they are unaware or delayed to report it, the damage may be too great to recover from.

Let’s talk about a review process.

Here are three things your company should review each year to make sure you are thwarting social engineering breaches.

  1. Policy is just as important as tools, and compliance is more important than both. An annual review of your company's policies and audit procedures is critical.
  2. Limit the threat surface of people in key roles. Anyone who has the authority to wire money or initiate payments should be reviewed annually. Social media training, phishing training, and PII control for those people should be reviewed regularly.
  3. Vector analysis. Research how other organizations in your industry are being attacked and ensure you have programs in place to address those specific threats.
KEYWORDS: cyber attack cyber security enterprise social engineering

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Adam Jackson spent 10 years in the Army as an Infantryman and Green Beret. He has multiple deployments to sensitive and highly volatile environments. Upon concluding his service, he began helping high profile individuals and celebrities secure their homes, tours, and personal information before founding 360 Privacy. He has worked with some of the biggest names in entertainment, banking and the public sector.   

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Email, Spymail, Cybersecurity, Cyber espionage

    4 Ways to Thwart Social Engineering Attacks

    See More
  • employees working at a table

    How to help employees spot and avoid phishing attacks

    See More
  • hacker

    How can companies keep up with social engineering attacks?

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

  • 1119490936.jpg

    Solving Cyber Risk: Protecting Your Company and Society

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing