27 May 2019

Today’s blog post looks at social engineering as a technique that cyber criminals are using to gain access to confidential information. We discuss the importance of creating a culture of awareness within your organisation and strategies that are in place to protect the security and stability of the .au namespace.

What is social engineering?

You may have heard the term ‘social engineering’ thrown around in conversation with your tech-savvy pals before. You understand that it is dangerous, but you’re not exactly sure what it involves.

The security team at Kaspersky Lab explores the concept by offering the definition below.

“Social engineering is a form of techniques employed by cybercriminals designed to lure unsuspecting users into sending them their confidential data, infecting their computers with malware or opening links to infected sites.”

Put simply, social engineering uses intriguing means to trick people into opening a file through a link or attachment. The lure may take the form of an email that appears to be from a friend, family member, or colleague.

How would this happen in the workplace?

Consider phishing as a form of social engineering in the workplace. A junior finance employee receives an urgent email that appears to be from a senior executive. The email contains a link to directly transfer funds to support an important deal. It instructs, in the senior executive's name, that the money be sent immediately. The junior employee is afraid to question her, so transfers the funds, and as a result the company is fleeced.

Social engineering uses a combination of people’s social habits and methods of deception to entrap otherwise wary people.

Creating a culture of awareness

With cybercriminals continuing to deploy these sophisticated techniques, the first step is to make sure your employees are aware of current threats. Teach them to always be alert when clicking links, opening documents or entering account information online.

Organisations can also learn from recent social engineering attacks, or employ outside resources to attempt exploits, and use the results to train staff.

The .au namespace is protected against harmful activity by auDA’s Information Security Standard (ISS) certification, which sets a baseline, adaptable standard that all .au registrars must comply with. These processes are constantly monitored and updated to comply with Australia-wide security standards, ensuring the integrity and stability of .au. In creating an organisational culture of awareness, staff training is highly recommended.
