Beware – Social Engineering! The number one security threat to business is your people!

Every business collects data, from sales leads to financial transactions and everything in between. Increasingly data is the new ‘gold’. The problem is, unlike actual gold that you can put in a vault, data is weightless, and your staff need access to your data to get their work done. Locking your data away isn’t viable – you need to use it to achieve your competitive advantage.

Unfortunately, the criminal community know this; they know your people can access your data and they want it. If they don’t want to use it themselves, they want to gain access to it and control, then RANSOM it back to you. Too often, they can’t get through your main security so instead they target your people. They use social engineering – (if you have time, check out https://www.social-engineer.org/)

Basically, they trick you and your staff into telling them your codes!


Rather than roll out like the infamous Cray brothers, bursting in the front door with shotguns at the ready, they are crafty and subtle. Common examples include gathering personal details on social media (favourite teacher at school, favourite music etc – all those mindless quizzes on Facebook etc) – what these do is get the answer to their password reset questions. The more they know about you, the more they can use machine learning and AI to find patterns, helping them guess passwords based on the clues they gather.

Other common tools include phishing emails, or malicious websites, keyloggers, malware. We’ll talk more about these in future posts. If it seems a bit like James Bond Hollywood movies – well, we’re seeing enough to say “you had better believe it”!

So, what can you do? Educate your staff!!


Of course, many people tell us they know that already. But we are seeing more and more of these kinds of breaches. Unfortunately it’s often the people who know the risk that are are compromised. I guess they forget or become complacent . Maybe they take it for granted, or they think you are overreacting when you warn them?

To deal with this, you need systems and oversight. There has to be a regular programme that you can rely on to remind staff of your basic guidelines. This is too important to be something you mention occasionally with no follow up. You need to know all staff are aware of the risks and that they take it seriously. A one-off reminder won’t be enough!
That’s why we built a learning tool into our KARE for Security package; with this enhanced service we’ve built in training – including in person training where practical, supported by eLearning tools for those people that can’t be there on the day. This awareness is vital so our eLearning is quick and convenient so that people take up the learning and stay on their guard.

KARE for Security complements your existing maintenance contract with an enhanced security package, designed for the modern cloud-anywhere world. It’s a mixture of tools that go beyond traditional IT support to help you harden your ICT against intruders.

What more can you do?   Cert NZ is the NZ Government Cyber Security unit – it’s worth reading their top recommendations – https://www.cert.govt.nz/it-specialists/critical-controls/ – you’ll see that a Kinetics KARE plan helps you minimise your risk