It’s dead easy for hackers to collect large amounts of personal information about a company. Breaking into the system is easy as pie, especially when we help the criminals ourselves.
Airbnb will probably go public this year. Looking back on when Slack and Uber went public, you can see why that’s a big deal. The employees are busy and distracted, and there is a lot of money coming in soon. This is how a hacker who pays a little extra attention finds his target.
To get started, the hacker will do some simple Google work, which tells him that people complain about the work-life balance. This gives him the idea to send the employees invitations to a free mindfulness event. He’ll make accepting the invitation easy for them: all they have to do is log in with their Facebook username and password in a portal he created (that looks like Facebook, but actually isn’t).
The best thing about this? Most employees use the same password for Facebook as they do for work accounts.
Day in the life
To announce that the company is going public, one of the employees of Airbnb has posted a ‘day in the life’ video to YouTube. Nice to get a tour – especially for the hacker, who can immediately see where all the different departments are and which security measures employees have to deal with before entering the premises. This saves the hacker ‘physical hacking time’ (think social engineering). Now the only thing he has to do is wait to befriend someone who will take him in.
The video has also shown the hacker which software Airbnb uses – he can spot it on the computer screens that can be viewed in the video. And now he also knows which security software Airbnb uses.
The hacker has collected enough information to do serious harm without physically entering the premises. Sometimes, this is how easy it is. What can your organization do to protect itself against these cybercriminals? Global Knowledge cybersecurity expert Tjeerd Veninga gives tips.
Up your Security Awareness
Make sure your employees don’t take the friendly guy who has ‘forgotten’ his keys into the building. Don’t hold open the door to your workplace for someone you don’t know, and be skeptical when someone shows an abnormal amount of interest in your place of work, for example during a smoking break. You don’t want to become the victim of a social engineer.
Extend your knowledge and put together a cybersecurity policy
Put together a strong cybersecurity policy and make sure it is implemented by people with cybersecurity knowledge and experience. Implement it with the goals of the company in mind: don’t become the fun police, but the helping hand that helps employees do better. CISSP and CISM training courses can help in doing so.
Get to know your enemy
A certified ethical hacker uses the knowledge of a hacker in an ethical way. As an ethical hacker you can protect your organization against an actual hacker – beat them at their own game.
Do you want to become a Certified Ethical Hacking Master? You can read all about it in this blog.
Make sure you have a plan for when things go wrong
Do you have an Incident Handling Plan? How would you manage a crisis? How do you organize an incident response so the breach is fixed quickly? We should always assume we’re going to get hacked one day and make sure we have a plan for when this happens.
Develop with security in mind
Do your developers work with security in mind? Do they know how to avoid the most common vulnerabilities? Developers can be great allies in the battle against cybercrime. Make sure you use them!
Want to know more?
Do you want to implement a cybersecurity policy in your company, but have no idea where to start? What kind of skillset should your team possess? Together we can come up with an education plan. Don’t hesitate to contact us.