Leave it to the Dark Reading website to bring hidden vulnerabilities into the light. In an eye-opening exposé, white-hat hackers and social engineers reveal several forehead-slapping ways your employees (including HR staff) can unwittingly help cyberthieves loot your company and pillage its data.
- Photo sharing. Online pictures or videos showing employees or in-office activities can expose employee badges, company whiteboards, access control systems—and even Post-It notes revealing log-in credentials–all things that clever, detail-dredging crooks can snatch up and use to penetrate your company.
- Job postings. Innocuous, right? Nope. In their search for qualified candidates, many companies publish very specific details about the software they use in house. Attackers can use this information to custom-tailor malware or phishing techniques specifically to exploit those solutions, drastically cutting the time they spend on trial-and-error methods.
- OOTO messages. Out-of-the-office email auto-responses (and their voicemail equivalents) are a favored vulnerability of white hat hackers interviewed by Dark Reading. Consider this made-up (but not farfetched) example: “This is Jean. I’ll be in Fiji for the next two weeks. If you have questions about Project A, contact [email protected]m. For Project B, contact [email protected].” With this information, an attacker could reach out to the employees named, pretend to be Jean’s colleague, and trick them out of sensitive data.
Other common but dangerous employee habits cited by Dark Reading include: Failing to identify callers (voice phishing or “vishing”) or verify the source of cellphone texts (SMS phishing or “smishing”). “I’m just looking for little pieces of information at a time so I can piece it all together in a larger attack,” cautions a hacker.