Social engineering, the art of manipulating human psychology for one’s own gain, has been prevalent throughout history but has scaled massively in recent years thanks to the internet and email. According to HealthData Management, only 1% of cyberattacks in 2019 exploited a hardware or software vulnerability; 99% utilized some form of human intervention.
Cyber hackers employ social engineering techniques to attack an organization at its weakest point, its employees, which is why understanding the terminology is the first step in stopping its use.
Ask yourself key questions about the email and its sender. Do you know the sender? Did you expect the email? Do not blindly click. Pause, consider, and if necessary, block and report.
We have all heard horror stories about system-wide phishing and spoofing attacks caused by the negligence of a single employee. The wrong mouse click can cause a disastrous domino effect, at best shutting a system down temporarily, whether or not a victim pays a ransom, or at worst, exposing sensitive data and creating a larger, more dangerous problem. Targeting the healthcare industry, with its wealth of personal patient data, is a practical option for cybercriminals, demonstrated. The significance of protected health information, along with the industry’s unfortunate use of legacy devices and notoriously overworked employees, makes the industry a prime target.
A solid cybersecurity program must utilize employee awareness training along with secure offline backup, multi-factor authentication, and email security software such as Paubox Email Suite Plus. Healthcare organizations must utilize HIPAA-compliant email. Training must include a review of all existing processes and policies. Every procedure should be practiced and learned. Training should be detailed and thorough, then updated and repeated. Keeping cybersecurity people-centered is necessary to turn the weakest security link into a strong asset, derailing cybercriminals’ desire to use social engineering tactics in the future.