How to Protect Against Social Engineering
Here are some things that you can do to avoid falling into a social engineering trap, or to minimize any damage done by a social engineering attack:
1. Prevent the Single Point of Failure
The more interdependent your accounts are, the more vulnerable you are to an attack. Make sure
that you avoid putting all your eggs in one basket – don’t use a single email account when
authenticating other accounts that you are using, or use a separate email for password
2. Use different logins for every account that you are using and make sure that your passwords are secure
Never use a password more than once. In a similar vein, see
to it that you are also using passwords that are very difficult to guess.
3. Always make use of two-factor authentication
Use another device or account when authenticating your accounts – this makes it harder for
thieves to hijack your accounts.
4. Be creative when creating security questions
Don’t go for the obvious questions and answers when it comes to creating security questions for
your accounts. See to it that all security questions and answers are hard to guess.
5. Secure your banking credentials
If you should shop online or leave banking details on a website for ease of access, see to it that
you check the security protocol of the website. In the same vein, see to it that you do not use debit
cards when making a purchase – once your banking information is discovered by a social engineer,
it makes it a lot easier for him to empty your entire bank account once he launches an effective
6. Always pay attention to your personal data and the accounts that you are using
See to it that you regularly check activities on all your accounts. If you have a social media account
that you are not using anymore, delete it to avoid leaving a vulnerable account that can possibly be
breached since you are not actively checking it from time to time. At the same time, see to it that
you also check all online banking accounts and emails regularly for any suspicious
activity or phishing attempts.
7. See to it that your information is removed from public databases
Public databases are a rich hub of information for hackers – while you may think that being found
online is good for personal networking, all the details that you leave on the World Wide Web allow
social engineers to identify you as a target. For this reason, see to it that you keep all personal
information, such as office location, phone numbers, and even email addresses away from a
8. Be responsible for your digital garbage
If you need to throw out any item that may contain any information about you, see to it that it is
destroyed completely to avoid any social engineering attack through dumpster diving.
The best way to avoid being targeted by social engineers is to have a healthy skepticism and to exercise
vigilance, especially when you are asked to give away private information.
Remember not to fill out a form or provide even a seemingly non-confidential detail to anyone unless you can verify the identity of the person who is contacting you.
At the same time, remember that even managers, IT personnel, or co-workers are not supposed to know what your passwords are. Exercise the same caution when you are providing access to your devices or to anything near the system that you intend to protect.
Make sure that every person who comes near your phones, tablets, or workstations is someone that you know.