There are many ways a company and its employees could unknowingly give hackers a helping hand. Most of these errors are subtle. Think simple email signatures and out-of-office messages. Others are sometimes bolder, involving a simple social media post.
There’s so much that can be told from social media photos. Hackers looking to break in can triangulate details through research, and most of the time the people sharing these pieces of information aren’t aware that they’re doing anything wrong.
In this post, we’ll discuss the most common ways companies unknowingly leave themselves vulnerable to hackers and cybercrime.
Photos Can Say a Thousand Words
The most common slip-up companies make is oversharing online, especially on their social media accounts. Examples include human resources sharing photos and video clips to attract potential job applicants, interns sharing photos of their new badges, and employees sharing photos at office events. What they fail to realise is that the images or videos they share could show ID cards or whiteboard information a hacker can use to his advantage. You may be surprised at how easily a quick online search can bring up a photo of someone’s office ID card.
Out Of Office Notice
Be careful with out-of-office notices and don’t include details a hacker can use. By writing full names, project names, and contact details in an automatic reply, employees tell hackers not only where they are at the moment but also who else they can target. With this kind of information, a hacker can easily email another employee, pretend to be working with you on a certain project, and obtain sensitive data.
Overly Detailed Job Postings
An overly detailed job description can give attackers the exact data they need. Several companies take the time to write lengthy job descriptions and talk about the internal software they use. This gives an attacker a lot of insight into their internal structure and the internal software they use. Once an attacker gets hold of this information, he can easily craft malware tailored to the environment these companies are using.
Instead of working through trial and error, hackers who already know which software these companies are using will know exactly what they need to break in. Aside from developing malware, they can also create a phishing campaign that lures victims based on the software being used.
What’s In Your Email Signature?
Email signatures contain sensitive information a hacker can use to his advantage. They usually include the full name, office phone number, mobile phone number and social media handles, which can be a goldmine for future phishing campaigns. We’re not saying you shouldn’t use email signatures, but be cautious about them and avoid placing company information, such as details about projects or leave, in an email signature. This information could be used in a phishing attack, because the best time to send a phishing email is when people are on leave.
Failing To Verify Callers
One of the most common pen testing tactics is caller ID spoofing. It’s unbelievable how many employees don’t verify callers just because they trust the caller ID. Caller IDs can easily be spoofed, and a hacker can easily impersonate the IT or HR department and obtain sensitive information that would otherwise be protected if employees took caller verification seriously.
What Can You Do About These?
Education is vital in preventing data leaks. When employees are educated about a particular vector, they know how to protect sensitive data against it. Beyond education, companies also need to draft actionable policies that outline the steps to take when employees fall for a phishing scam or any other form of attack.