Avoid Being Hacked by Understanding These 5 Low-Tech Tactics
Not all cybercrimes begin online. Many start with a simple, deceptive act in the physical world that sets the groundwork for a cyber-attack.
A good number of high-profile data breaches, ransomware attacks, and other cybercrimes have been linked to surprisingly low-tech tactics.
But you can prevent these from happening to your business by knowing the tactics criminals use and understanding what to watch for.
1. The Practice of Badging
If your business requires employees to use identification badges, you'll want to know about the practice criminals use called badging.
Badging is the act of using a stolen or fake identification tag or badge to appear legitimate and gain access to facilities. Once inside, the user can snoop for sensitive information like network passwords written on post-its and other valuable data that can be used in a cyberattack.
While it's easy for employees, and even management, to get complacent about sharing or verifying identification badges, failing to do so or use badges properly can lead to disaster.
2. Piggybacking—Just What it Sounds Like
Ever hold the door open for someone struggling to carry a heavy load? It's human nature to do so, and perfectly fine in most situations. But what if you're entering your secure manufacturing facility and the person is a thief who's piggybacking?
Piggybacking is when an unauthorized person enters a secure door on the heels of someone with legitimate access. Slipping in this way negates the need to produce an access card or key the criminal doesn't have.
Piggybackers slip into the background of your facility, often times unnoticed by the person they're following. From there, they can steal laptops that might be used to access your network and sensitive data. Or leave USB sticks loaded with malware behind for unsuspecting and curious employees to plug them in.
3. Impersonation—the Art of Disguise
One of the oldest tactics in the books, impersonation is when thieves gain access by pretending to be someone else. Whether a pizza deliverer or fire inspector, the role seems legitimate.
If the impersonation works, then the thief has succeeded in gaining access to your business and everything inside, including your technology.
While it may seem overly cautious to do so, ask for credentials in situations where you feel criminals may be trying to fake their way in using everyday disguises. If they can't provide them or if you suspect something isn't right, notify security.
4. Surf's Up—Shoulder Surfing, That Is
Shoulder surfers are thieves who hover nearby, attempting to steal sensitive information. They look over the shoulders of unsuspecting targets and thrive in spaces where public Wi-Fi is available, and remote workers flock to take care of business. Think airports, coffee shops, and other communal gathering spots.
Shoulder surfers may watch employees enter their passwords on their laptops and work devices or read texts or email messages for insights they can use later to plan a cyberattack.
You can stop them by always being aware of your surroundings and taking extra steps to shield your most sensitive data.
5. Rogue Devices
Rogue Devices are those left behind by criminals designed to compromise your organization. Be on the lookout for technology that doesn't belong, such as laptops, USB sticks, or Wi-Fi access points.
These devices may be loaded with malware or configured to spy on your digital chatter to steal log-in credentials and other sensitive information, such as customer credit card numbers or personal data.
If you encounter any devices that don't belong, alert your IT and security teams immediately so that they can investigate.
Cyber-Proofing Starts With You
Creating a cyber-proof environment takes vigilance and a commitment to security from everyone in your business.
Prevent badging and piggybacking by ensuring your badge is only used to admit you into secure areas. Moreover, you can refuse entry to unfamiliar individuals who don't have badges.
If someone suspicious does badge or piggyback in, politely challenge their intentions and refuse access if their story doesn't add up. If you have a security person or service, alert them so they can take proper measures.
In addition, keep an eye out for doors that have been propped open, a sign that criminals may have badged or piggybacked in and intend to return.
Like most, cyber thieves look for easy ways to get the job done effectively. It's far more challenging to hack a business's system than to steal someone's password carelessly displayed on a post-it note on a computer for everyone to see.
Understanding the methods they use to trick, fool, and connive their way to a cyberattack is the first step in prevention.