5 Tips to Prevent Social Engineering Attacks

Do you know what an online security breach will actually cost you?


Know this: it isn’t cheap. It’ll cost you an average of $150 per compromised file to recover from data loss, and thousands of files are compromised in the average attack, so you’re looking at a six- or seven-figure hit from just a single incident.

A million dollars and nothing in return… that’s not the kind of problem you want to deal with.

And besides that, do you want to be the kind of business that is known for suffering a major cyberattack (that’s assuming you even survive it, as 55% of small and medium-sized businesses are forced to close within just 6 months of an online security breach)? It’s going to freak people out a bit. Many potential clients are sure to turn to someone else that doesn’t have a history of online security breaches.

Also, frankly, it’s just plain embarrassing.

It’s not just people forcing their way onto your network with savant hacking skills that you have to worry about. It’s just as important to protect yourself from clever phishers who know how to trick your employees into handing sensitive data over instead of breaking in and stealing it themselves.

Here are 5 tips that will help protect you from social engineering attacks:

  1. Know What You Need to Protect

Some information is more important than other information.

If someone asks for your phone number, that’s okay, it’s not really information that needs to be protected.

But watch out for the inquiries of social engineers, as they’ll usually do plenty of background work before they strike. There’s no reason for anyone to know which operating system you’re running, which company collects your trash, etc. A sudden sense of urgency is a good sign that something is wrong. Make sure that your employees know that if a question seems at all suspicious and it regards information that could be used against you, just don’t answer it.

Want to learn more about which information is especially important to protect? Give us a call at (866) 828-6674 or send a message over to info@offsiteIT.com.

  2. Know Who to Trust

But what’s just as important as the information itself is who is receiving that information.

If it’s not a source you 100% trust, don’t share anything. Many of the most effective phishers put their victims on the defensive by posing as the IRS, local police, or some other position of authority. Always call to confirm that you actually owe back taxes, unpaid fines, or any other sort of penalty before you follow a link or (god forbid) install some software from such an “authority”.

Also, look out for URLs that are just a bit off from a legitimate source, like goggle.com or something like that.

  3. Watch Out for the “Mysterious USB Stick”

One of the more creative social engineering methods is to leave a USB stick loaded with malware outside on the ground between the parking lot and the entrance of your business. A surprising number of people will get curious, pick that thumb drive up, and plug it into your network just to see what’s on it.

This scam is even more effective if that USB stick has the company’s logo printed on it…

It seems like common sense, but a reminder never hurts: make sure your employees know not to plug any foreign devices into in-house equipment.

  4. Establish a Clear Set of Protocols…

You’re going to need to make it clear exactly what you expect from your workforce in terms of protecting your network from social engineering attacks. Organize these tips and whatever other policies you want to implement, print them out, and make sure every employee has read and understands these protocols.

  5. …And then Follow Through

Of course, a “clear set of protocols” won’t make a difference if you don’t make sure those protocols are being followed.

Keep track of your employees’ behavior, and don’t be afraid to bother them if they’re not following all the rules. Repeat offenders should be penalized. We know it’s awkward to confront employees you see every day in this way, but when it comes to protecting your data, you’re protecting the very livelihood of your business.

Contact us at (866) 828-6674 or info@offsiteIT.com for more information about our IT services.

