5 Strategies to Protect Your Business from Social Engineering Attacks
November 4, 2022
What is social engineering?
Social engineering is a technique attackers use to compromise internal systems by manipulating people over email, by phone, or in person. According to this article, 70% to 90% of all malicious breaches are due to social engineering and phishing attacks. In 2020, Google recorded 2 million phishing websites. And according to this news, Taiwan is facing about 30 million cyber attacks every month. Social engineering has become one of the biggest threats that every company needs to act on, and Taiwan is no exception.
5 strategies to protect against social engineering
There are 5 basic strategies a company can pursue to protect itself from social engineering attacks:
- Cyber security policy
- Access control management
- Multi-factor authentication
- Password management
- Regular backups
1. Cyber security policy
A cyber security policy is a set of guidelines for how IT systems should be used and how to minimize risk. It helps employees understand the process for protecting the company's data and information assets. Creating a cyber security policy is the first action a company must take to protect itself from cyber attacks, and it can be done without spending any IT budget.
2. Access control management
Access control means setting a policy for which devices and which people can access certain data or information assets. Access control not only regulates which employees can access certain data, it also denies unnecessary access to internal assets from outside the company.
3. Multi-factor authentication
Multi-factor authentication verifies a user with more than one method. The most common form uses an ID and password as the first factor and, as the second factor, a one-time password that can only be generated by a registered mobile device.
4. Password management
Authentication means little if an employee sets an easily predictable password, so it is important for a company to require strong passwords. Recently, however, passwordless login has been emerging as a trend. Passwordless login authenticates the user with a token instead of a password. Since the token is longer and more random than a password, it is an easier and safer solution than ID and password login.
5. Regular backups
No matter how hard a company tries to prevent social engineering, people are not perfect, so there is always a chance of data compromise. Even if a company's data is compromised and can no longer be accessed, the company can recover it from backups and continue business with minimal interruption.
HENNGE One as an easily adoptable solution to prevent social engineering
If the company uses a cloud system, HENNGE One provides a variety of security functions to protect against social engineering. By using HENNGE Device Certificate with HENNGE Access Control, users can access the cloud system only from a device on which HENNGE Device Certificate is installed.
In addition, a user can access the system without a password, using credentials stored on the device. This passwordless login frees employees from remembering long, complex passwords and lets them log in more quickly than with an ID and password. Beyond passwordless login, HENNGE One also provides multi-factor authentication functions through an accompanying app called HENNGE Lock.
Today, email plays an important role in communicating with external companies. HENNGE One Email Archive stores all email sent or received by the company, so that if a user loses access to the email system, the user can still access HENNGE One Email Archive to check email content.