Social engineering is on the rise, which means your clients are at more risk than ever. In 2016, 60% of enterprises were victims of social engineering attacks. Of these attacks, 65% compromised employee credentials, with 17% breaching financial accounts. As we’ve discussed in our changing passwords and sharing passwords blog posts, people are the last, and often the weakest, line of defence in cybersecurity. Social engineering exploits this further.

What is social engineering?

Instead of cracking a password or hacking a system, social engineering uses manipulation to get people to give up their confidential information. From a criminal’s standpoint, it is much easier to gain access to a system or account by fooling someone than by hacking a password. Social engineering comes in many forms – usually through email – and methods include phishing, spear-phishing, and Business Email Compromise (BEC), just to name a few.

The risks your clients face with social engineering

Social engineering is incredibly dangerous because it exploits people’s natural inclination to trust. Attacks are also becoming harder to detect as criminals get smarter and more sophisticated:

  • In one study of various businesses, 89% saw either a steady pace or an increase in spear-phishing and other targeted email attacks in 2016. Of these attacks, more than 69% targeted user credentials to commit fraud against the organisations.
  • 49% of respondents rate the effectiveness of their defences against social engineering attacks as average or below average.
  • 20% admit they don’t know if their own brands have been used in social engineering on customers or partners.
  • 50% said they do not have a program in place to audit and encourage partners to authenticate email sent to their organisations.

Sound familiar?

Just about every MSP we talk to has a story like this. A client calls in a panic – they’ve been hit with ransomware. One of their employees was tricked into opening a file, and that’s it. It’s pay up or lose their business’s data. Your job as their IT professional is to solve the problem, but you can also play a critical role in preventing this type of scenario in the first place.

Your clients need protection

Of course you’re going to offer a full security suite to your clients. To that, you can add backup and recovery. You can also help your clients take precautions against social engineering attacks by educating them and by encouraging a security culture. Make sure your clients know to slow down and read their email carefully before clicking links. The best social engineering attacks don’t seem suspicious at first glance.

Requests for financial information or passwords should be deleted, and their spam filters should be set to high. Lastly, although it is difficult, remember to let them know they should be skeptical. Cyber criminals are sneaky, and falling for one small email can have a devastating impact.

The role of passwords

A cloud-based password manager is another weapon in the security arsenal. Using IT Glue to manage your clients’ passwords helps you to control who sees those passwords, and allows you to identify and change vulnerable passwords quickly when needed. Furthermore, new passwords can be made available to the entire team instantly and securely, even via mobile, reducing both downtime and risk associated with password changes.

To learn more about how IT Glue can help you manage your clients’ passwords, book a demo with us today.
