The Big Bad Wolf in Cyber Security

Imagine hackers as the Big Bad Wolf from the story of The Three Little Pigs. He’s always out there trying to get in and it’s up to you to build a secure network to keep him out.

There are a million ways a hacker can get into your company’s computer network. Once in, they have access to all of your company’s sensitive data. Your business reputation depends on assuring your customers that their information remains secure.

“I’ll let IT take care of it.” – Bad Idea

Most small businesses hire third-party IT service providers to protect their electronic information while larger businesses have internal IT personnel. Either way, their job is to secure your network by installing firewalls, scheduling software updates, configuring anti-virus software, changing network device passwords, and creating user privileges for network users.

With so many security tools in place, you might think your network is as secure as the brick house built by the third Little Pig. Yet it’s not enough to keep the Big Bad Wolf from blowing past your security measures and getting access to your network.

What weakness is making your network more like the straw house?

People.

Social engineering is the largest threat to data networks. It is successful because it allows the hacker to exploit a person’s trust to gain access to company property, networks, or networked devices.

“Grandma, what big eyes you have.”

Remember in the story of Little Red Riding Hood, when the wolf disguised himself as Red’s Grandmother? Hackers do similar things to trick people.

Here are several different methods they can use:

  • Pose as service repairmen claiming they need to repair a device on your network.
  • An employee within your company with malicious intent can use their elevated user privileges to access sensitive information.
  • A person can gain access by using a stolen employee badge.
  • A hacker can get through access doors by watching employees punch in the code as they enter.
  • Businesses generate a lot of paper. Anyone who can read has easy access to any printed information not properly destroyed. Dumpster-diving hackers especially love to find old computers, network equipment, or data storage devices.
  • Common courtesy says to hold the door open for the person behind you when entering or exiting a building. This polite habit has caused security breach incidents for several companies by letting unauthorized persons in and out of restricted areas.
  • Realistically, there is an infinite number of ways hackers can use social engineering to obtain information. Their only limit is their creativity.

“Little Pig, Little Pig, Let Me In!”

Social engineering is done “in person,” which means that the hacker will try to gain physical access to your company property. Employees should be aware of the methods used in social engineering. Just as you would create policies for handling electronic data, your company should have policies for how to handle visitors on company property.

Here are ways to defend against social engineering:

  • Notify staff when visitors are expected.
  • Have visitors sign in and verify their identity.
  • Always escort or supervise visitors.
  • Re-evaluate user privileges. Employees should have access specific to their work tasks and no more.
  • Encourage employees to report suspicious activity or persons.
  • Use badge access locks on doors instead of key-code locks.
  • Properly destroy paper and electronic devices that have customer or company data.
  • Use gates or turnstiles that only allow one person through at a time.
  • When conducting penetration testing on your network, don’t forget to use social engineering tactics as well. This will ensure that your employees are properly trained in preventing this type of network attack.

Build With Bricks and Mortar

The most important thing to remember when it comes to keeping out the Big Bad Wolf is that you must be smarter and always on the lookout. You can’t build a stable brick house without mortar. Defending against social engineering strengthens your overall network security strategy.

Jessica Flannery, GOFOcopy Owner