Pretending to be someone you aren’t in order to gain access you shouldn’t have is called ‘pretexting’. In Mr. Robot, Elliot uses pretexting to gather information about another character over the phone.
Tony continues, “I’ll print something from HR and take it to my meeting. When the client says they don’t believe they have any security problems, I show them everyone’s pay rates - or whatever - and that generally has the desired effect.” Tony believes there’s good news and bad for small and medium business owners today.
So how hackable is your business?
“The good news is people are generally more switched on about security than ever before. The bad news is this is the scariest year I’ve ever seen and it’s only getting worse,” says Tony.
SMEs are particularly vulnerable because they tend not to have professional help and have lumped all their data, files, apps and so on into one pot which everyone in the company has access to.
“That means you’re more at risk from an attack than a larger corporate which will have put in place policies and procedures to prevent attacks from being successful.”
Every business can be a target
Ling Hou is Spark’s portfolio director for security and he says social media has provided yet another vector for attacks on company data.
As Elliot demonstrates in the show, access to social media means you have access to all the clues you need to solve the puzzle of who your target is.
“If you wanted to, you could find a friend’s LinkedIn profile, copy it, set up a new profile using that name and all those details and start inviting people you know to join. You’ll get a lot of people connecting to your account.”
While a fake LinkedIn account may not sound like a major problem, the real fraud occurs when the hacker asks one of these duped people for a connection into a company or to a senior manager. From there the hacker has an access point and a relationship that appears to be based on trust but is fraudulent.
“They may not use this connection immediately. Much better to sit on it and wait and treat it as an asset.”
Ling says technology encourages this kind of behaviour. There are benefits to turning on location services on your mobile device but at the same time you’re letting everyone know you’re not at home or at the office and that means you’re vulnerable.
How to help yourself and your business stay secure
It’s not all gloom and doom though. Our experts say there are a number of things to do to protect your business.
1. Keep your system up to date. Don’t leave a computer with yesterday’s security settings.
2. Be careful with USB sticks, or as Tony calls them, ‘Uncontrolled Security Breaches’. Institute a policy about copying and sharing files.
3. Policies and procedures are your friend. The company procedure for setting up a new account or paying an invoice should be followed at all times – if someone’s asking you to work around the process, that’s a red flag.
4. Social engineering comes in all forms. Just because the caller says they’re from tech support doesn’t mean they really are. Check with their manager first.
5. If there’s any doubt, act on it. Don’t think ‘Oh I’m sure it’ll be OK’. Double check.
6. Back all your data up off site. That way if or when you are attacked, you can walk away from the infected machine and start again with your saved data.
7. Don’t use the same password for multiple services because if one gets hacked you’re exposed in others as a result.
What’s next for you?
If you want to better protect your company’s security systems, get in touch. We can review the tools you’re using and suggest the right services for your company’s size and requirements. And if you haven’t yet seen Mr. Robot, you can find out more about it and watch seasons one and two on Lightbox.