Information Security: The Human Element

by | Feb 9, 2017 | Blog

 We know that firewalls, anti-virus software, and two step-authentication help protect us against cyber breaches and attacks, but when it comes to information security, could you and your employees be your weakest link?

Social engineering doesn’t rely on computer code or sophisticated knowledge of technology. Although it can be used alongside these types of attacks, social engineering is a method of psychologically manipulating others to perform tasks or divulge information.

We all like to think we couldn’t be tricked or deceived in such a way, but these attempts are often effective because they are plausible and believable.

Those behind these schemes conduct research, taking the time to ensure their request or interaction appears as normal as possible. By visiting your company website, performing a Google search, checking LinkedIn and social media profiles, a scammer could find information about you and your role, the names, contact details, and roles of the people you work with, the structure of the business, your clients, and much more. Successful social engineering attempts are carefully designed so as not to arouse suspicion from those targeted, which is why research is an important part of the process. Scammers might seek information all at once, or small amounts of information over time, via multiple channels, with the aim of piecing them together for their gain. 

Social engineering strategies rely on human nature and exploit our psychological traits, such as:

  • Our desire to be helpful.

  • Our tendency to trust people.

  • Our fear of getting into trouble.

When we hold a door open for someone entering the building behind us we are trying to be helpful, and we trust the person enough to let them in. We trust that their intentions are good and legitimate, but are they really who we assume they are? They may look like a delivery driver or a client, they may sound convincing and be charismatic, but can we be sure of their identity?

Fear of getting in trouble also makes us vulnerable to social engineering. Imagine receiving an email from a senior colleague asking you for account details, or to carry out a bank transfer, as they will be out of the office for the rest of the afternoon and the transaction needs to be completed today. Only on close inspection would it be possible to see the email is fake, but these subtle differences can be difficult to spot. Like all good social engineering attempts, it will be well researched, so you may be aware that a transfer is due to be made to the person or company mentioned in the message. Of course, the bank details they provided are not for the account they say they are.

Emails like this will often look convincing and convey a sense of urgency. The email address could be nearly identical to your colleague’s, with only subtle differences (‘.co’ instead of ‘.com’, for instance). Perhaps the scammer also copies in addresses that look like they belong to other senior members of your team, trying to lend greater authenticity to the ruse.

Sadly, there is no quick technological fix to protect your business against social engineering attacks. With businesses increasingly being targeted in this way, the best way to protect your company is to train staff in how to better recognise social engineering efforts.



Warning: include(/index.php): failed to open stream: No such file or directory in /home/wooddisn/public_html/wp-content/plugins/social-share-button/includes/class-shortcodes.php on line 41

Warning: include(): Failed opening '/index.php' for inclusion (include_path='.:/usr/local/php71/pear') in /home/wooddisn/public_html/wp-content/plugins/social-share-button/includes/class-shortcodes.php on line 41


Unable to display Facebook posts.
Show error

Error: (#4) Application request limit reached
Type: OAuthException
Code: 4
Please refer to our Error Message Reference.


Wood & Disney Ltd
Lodge Park, Lodge Lane
Essex, CO4 5NE

T: 01206 233170

wood and disney is the trading name of Wood & Disney Ltd, a company registered in the UK number 4143288


Sage One


Xero Accounting

Website designed by: Website Design

Warning: include(/index.php): failed to open stream: No such file or directory in /home/wooddisn/public_html/wp-content/plugins/social-share-button/includes/class-shortcodes.php on line 41

Warning: include(): Failed opening '/index.php' for inclusion (include_path='.:/usr/local/php71/pear') in /home/wooddisn/public_html/wp-content/plugins/social-share-button/includes/class-shortcodes.php on line 41