Hacking Your People Before Someone Else Does


Small businesses and nonprofits operate on tight budgets with small IT teams. As cybercriminals increasingly target these organizations with social engineering and phishing, unconventional security approaches can provide affordable protection. One potent, low-cost option: proactively hacking your own people.

Penetration testing, also known as ethical hacking, involves legally attacking your own networks, applications, and devices to find weaknesses before criminals do.

Here the focus is the human layer: reproducing the deceptive techniques real attackers use against your staff, so you can see which ones succeed and why. These include:

  • Phishing emails mimicking legitimate messages to trick staff into clicking malicious links or disclosing sensitive data.
  • Fraudulent phone calls impersonating vendors or IT support to socially engineer access credentials.
  • Malware-laced USB drops to test if staff connect unknown devices to systems.
  • Tailored social media messages taking advantage of personal details to manipulate staff.
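The first bullet above is the one most organizations start with, and the hardest part of both attacking and defending it is the sender domain: a convincing phish comes from a domain that looks like yours but is not. The following is an added example (not code from the original article or its author) that scores a sender address against an organization's legitimate domains, catching the common tricks: digit-for-letter swaps (examp1e.org), kerned-letter swaps (exarnple.org), Cyrillic homoglyphs, hyphen variants (example-org.com) and the legitimate name embedded in an attacker-controlled domain (example.org.attacker.net). The trusted domains, the confusables table and the sample addresses are constructed for illustration; a production triage tool would use a full Unicode confusables list and check SPF/DKIM/DMARC results as well.

```python
"""Flag sender domains that look like, but are not, the organization's own.

Added example; TRUSTED_DOMAINS, CONFUSABLES and the samples are assumptions.
"""
import difflib
import unicodedata

# Constructed: the organization's genuine sending domains (assumption).
TRUSTED_DOMAINS = ("example.org", "payroll.example.org")

# Constructed, illustrative table of sequences attackers swap for look-alikes.
# Not an exhaustive Unicode confusables list.
CONFUSABLES = (
    ("rn", "m"), ("vv", "w"),            # kerned Latin pairs
    ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"),   # digits for letters
    ("\u0430", "a"), ("\u0435", "e"), ("\u043e", "o"),  # Cyrillic a, e, o
    ("\u0440", "p"), ("\u0441", "c"),                   # Cyrillic p, c
)

# Similarity ratio at or above which a non-trusted domain is called a lookalike.
SIMILARITY_THRESHOLD = 0.8


def sender_domain(address: str) -> str:
    """Return the domain of an address, accepting 'Name <user@host>' form."""
    addr = address.strip()
    if "<" in addr and addr.endswith(">"):
        addr = addr[addr.rfind("<") + 1:-1]
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].strip()


def normalize_domain(domain: str) -> str:
    """Lowercase, Unicode-fold, drop a trailing dot, collapse confusables."""
    d = unicodedata.normalize("NFKC", domain.lower()).rstrip(".")
    for lookalike, canonical in CONFUSABLES:
        d = d.replace(lookalike, canonical)
    return d


def classify_sender(address: str) -> dict:
    """Classify as trusted, lookalike, unrelated or invalid.

    'trusted' requires the raw (only lowercased) domain to equal, or be a
    subdomain of, a trusted domain; the confusable-folded form is used only
    to detect lookalikes, so 'examp1e.org' can never be promoted to trusted.
    """
    domain = sender_domain(address)
    if not domain:
        return {"verdict": "invalid", "domain": "", "closest": None, "similarity": 0.0}
    raw = domain.lower().rstrip(".")
    norm = normalize_domain(domain)
    best = {"verdict": "unrelated", "domain": domain, "closest": None, "similarity": 0.0}
    for trusted in TRUSTED_DOMAINS:
        t = trusted.lower()
        if raw == t or raw.endswith("." + t):
            return {"verdict": "trusted", "domain": domain, "closest": trusted, "similarity": 1.0}
        tn = normalize_domain(t)
        # Trusted name embedded elsewhere (example.org.attacker.net) or
        # hyphenated (example-org.com) counts as a full-strength lookalike.
        embedded = tn in norm or tn.replace(".", "-") in norm
        score = 1.0 if embedded else difflib.SequenceMatcher(None, norm, tn).ratio()
        if score > best["similarity"]:
            verdict = "lookalike" if score >= SIMILARITY_THRESHOLD else "unrelated"
            best = {"verdict": verdict, "domain": domain, "closest": trusted, "similarity": round(score, 3)}
    return best


# Constructed sample senders, as they might appear in a simulated campaign.
SAMPLE_SENDERS = (
    "hr@example.org",
    "hr@mail.example.org",
    "hr@examp1e.org",
    "hr@exarnple.org",
    "hr@ex\u0430mple.org",
    "it-support@example.org.attacker.net",
    "Payroll <pay@example-org.com>",
    "news@unrelated.net",
    "not-an-address",
)


def triage(senders=SAMPLE_SENDERS) -> dict:
    """Return {address: verdict} for a batch of sender addresses."""
    return {s: classify_sender(s)["verdict"] for s in senders}


if __name__ == "__main__":
    for sender, verdict in triage().items():
        print(f"{verdict:10s} {sender}")
```

The trusted check deliberately uses the raw domain while the lookalike check uses the folded one; folding both would let a homoglyph domain pass as trusted. Use the same function in reverse when planning a simulation: pick a candidate domain and confirm it scores as a lookalike rather than unrelated, otherwise the test is measuring nothing.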

Responsible, properly planned human penetration tests evaluating your staff’s vulnerabilities to phishing, phone scams, infected drives and other social engineering tactics are essential. Here's why:

  • Uncovers specific gaps in policies, training, and defenses around these real threats. Shows where to strengthen protection.
  • Builds staff skills and awareness around appropriate handling of suspicious messages and requests. Improves vigilance.
  • Intermittent testing keeps social engineering defenses sharp as new staff join and threats evolve. A critical cybersecurity drill.

Get ahead of criminals. Ethically test your people and your own social engineering vulnerabilities before someone else does.

Anastasia E.

"she's actually a time traveler from a future where human consciousness has fully merged with the digital world" | Digital Wellness advocate for Montanans | And, a ROCKIN TEAMMATE for anyone looking to hire!

1 year

I look at phishing simulations the same way as fire drills. In school or in the office building, we would occasionally and spontaneously run through a drill simulating a fire. Everyone would run through the motions of what we would hear, what we should do and where we should go, and we would physically play it all out where we would leave our desks and end up in a safe place out in the parking lot somewhere. That way, we all knew what signs would indicate a threat, what we should do to avoid being harmed by the threat AND where we should go to be safe from the threat. Phishing happens more often than fires! Running occasional and spontaneous simulations not only helps your users remain vigilant by knowing what signs to look for, but also reminds them that the threats are always present, how to avoid exploitation and where to appropriately report the threats in an efficient and timely manner. In short, I feel it keeps folks on their toes! The problem with phishing simulation programs is in the organization's policy on mitigating the risks that the simulations reveal. How punitive is your program? THAT is what I feel people have issues with the most. But, each org is different with different needs and regulations.


More articles by Hernan Popper, MBA C-EI C-EH SSAP SACP GSTRT
