How to Minimize Social Engineering Exposure

Everyone Needs Social Interaction

With the Covid-19 pandemic surging and stay-at-home orders in place across many states, we have been left with few opportunities to receive this much-needed socialization. Time spent online, and specifically on social media platforms, has gone up by 10-15% for the average user.

Not Everyone Online Is Your Friend

While it sounds like an obvious statement, we sometimes share information across public platforms online that is sensitive in nature and could open us or our loved ones up to social engineering attacks. 

 

Top 5 Tips to Keep You Safe From Social Engineering Attacks

#1 : Your Social Media Profiles

Be VERY careful not only about what you say in your posts, but also what information you have publicly available inside your profile.  Birthdays, relation to other family members, schools you graduated from and even previous employers are all simple ice breakers for a potential attacker to use to “buddy up” with you or your family members.

#2 : Be Smart About How You Log In

Use two-factor authentication with every account that supports it. If you receive a password reset email that you did not request, delete it immediately and manually type in the website to change your password. The most important part of a password is the LENGTH. Make it a passphrase as opposed to a password.

#3 : Use the Principle of Least Privilege

Don’t adjust sharing permissions to allow access to ALL (out of laziness) on a cloud document when you really only mean to share it with 1 or 2 people. When elevated privileges are needed, use as short a window as possible!

#4 : Beware of Hardware Hacks

Don’t use public WiFi. Don’t use unknown mice/keyboards. Don’t use someone else’s charging cable. (Yes, a hacker has created a rogue Lightning cable that would let the bad guy take over your phone!)

#5 : Do NOT Use Out-Of-Office Auto-Responders

Telling someone that you are out of the office is a personal invite for a hacker to start attempting to break into all of your accounts.  They know you most likely will not be checking your email for hours if not days while you are out.  If possible, set your autoresponder to only send out automated emails to your contact list.