Cybersecurity Awareness Month: Beware social engineering attacks


October is national Cybersecurity Awareness Month. Cybercrimes are a constant threat, and health systems are among the most frequently targeted entities. To keep our health system and our patients safe, we’ll be sharing information on some of the most relevant cybersecurity topics each week in October.

Social engineering is the art of manipulating people so they give up confidential information or access: usually passwords, bank information or access to their computer. Criminals use social engineering tactics because it is often easier to exploit our natural inclination to trust than it is to discover ways to hack into software.

What does a social engineering attack look like?

Social engineering tactics are grounded in the science of human motivation. One of the subsets of social engineering strategies is pretext: using a compelling story or a reasonable-sounding request to target people’s emotions and get them to act without thinking too carefully. Below are examples of pretext that can lay the groundwork for a cybercrime:

  • A message that urgently asks for help
  • An email asking you to donate money
  • A problem that requires you to send personal information for verification
  • An email message from someone posing as a boss or coworker

The criminals behind these social engineering schemes know that if you dangle something people want, many will take the bait.

Don’t become a victim of social engineering attacks. Become familiar with ways to protect yourself and our patients from these cybercrimes.

  • Cast a critical eye over emails. Pretext exploits our inclination to trust in order to bait us into giving up personal information. Any email from an untrusted source asking for personal information is likely a scam.
  • Make use of access control policies. Multi-factor authentication is an example of an access control policy. Ballad Health uses multi-factor authentication in a lot of areas to ensure that a person attempting to log into an account has the right to access it.
  • Report any requests for sensitive information that do not come from a reliable sender. If an unknown source asks you to reply with personal information, please use the Phish Alert function in Outlook to report it.
  • Beware of any download. If you don’t know the sender personally or were not expecting a file from them, confirm the sender’s identity before downloading any attachments.