Highlander’s Owen Hanley explains the concept of social engineering

Social engineering is not a new BSc degree course, nor is it the process of growing your popularity on Facebook, Twitter, or Instagram.

It is in fact something that every business needs to be aware of and has most likely already been subjected to – the art of manipulating, influencing, or deceiving you to gain control over your computer system. The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Phishing, spear phishing, and CEO fraud are all examples.

IT security isn’t anything new and any responsible business should have already deployed hardware and software solutions to try to combat the ever-growing threat. However, unless staff themselves are trained and aware of the potential threats, companies are still at great risk of being breached.

With over 90 per cent of all breaches starting with an email and only 3 per cent of email attacks being reported it’s, without doubt, the most cyber-risk any business carries. The consequences can be costly or at worst fatal with recent research in the US showing that 60 per cent of small businesses close within 6 months of being hacked.

Highlander has partnered with the cyber security firm, KnowBe4, to enable your employees to make smarter security decisions, every day. We aim to turn your biggest risk to your cyber security into your greatest asset, human firewalls.

Included in a low cost per user/per month model comes on-demand web-based training combined with unlimited simulated social engineering attacks through email, phone, and text.

Importantly the intention isn’t to catch, or single employees out but instead to educate and empower them. By simulating attacks in a controlled environment, businesses can teach their staff what to look out for in future and what appropriate action should be taken.

Individual training plans can be set up, tailored to specific types of attack or departments such as finance that are increasing the subject of hackers’ focus. The results that can be expected from rolling out end-user security training, as can be seen from the infographic below, are dramatic.

Insurance companies now expect businesses to provide cybersecurity training/phishing simulations to their employees, and failure to do so could result in any potential claims not being honoured.

Furthermore, under GDPR (remember that?!), it is mandatory to implement a security awareness training program that trains staff on the risks related to personal information that is processed, stored, or transmitted by companies, as well as the employees’ responsibility to ensure data protection.

We never seek to use scare tactics to persuade clients to adopt technology or invest in new infrastructure, but the cyber security threat is a clear and increasing danger. The old adage of prevention being better or cheaper than the cure is very apt in this case, and supporting employees to become the last line of defence could be the difference between success and failure.

If you’d like to learn more or see a demo of the KnowBe4 platform, please get in touch and our security specialists will be happy to guide you through the options.