April 20, 2016

The ability to communicate effectively with interdepartmental professionals in a large organization is invaluable. Without enterprise collaboration tools, employees all too often find themselves running in circles and sending countless emails just to actually find out who the right person to talk to is.

But enterprise collaboration tools are worth more than their intrinsic value as time savers and collaborative conjurers. In a world where cyberattacks are getting really personal, they also serve as a special line of defense for organizations.

How? By mitigating risks associated with social engineering.

Social engineering: Exploiting humans in the enterprise

Not everyone on the Web is who they claim to be.

A serious snafu in the ranks of Snapchat – the popular ephemeral messaging app – highlights the growing problem that is social engineering in the enterprise. According to The Washington Post, 700 current and former Snapchat employees had their Social Security numbers and names compromised in a cyber attack. That number is fairly small compared to the 80 million customers who were affected in last year’s breach of Anthem. But it’s the number of employees who were affected, as much as it is the manner in which hackers got to them, that makes this story so noteworthy.

The Post reported that an employee with the company deliberately sent all of this information directly to the hacker. It begs the question, why would anyone do such a thing? Well, because the employee was under the impression that he or she was sending this data to Snapchat’s CEO, Evan Spiegel, per his request. Who wouldn’t do what their CEO asked them to do?

The problem is, the person making the request wasn’t Evan Spiegel at all. It was an imposter looking for some personally identifiable information that might go for a pretty penny on the dark Web. The employee fell for it, and 700 people were affected as a result. Of course, this is hardly the first time such a scam has worked. The tactic is called whaling, and according to SC Magazine, it’s an increasingly popular social engineering strategy in which a hacker poses as a corporate executive for malicious gain.

Whaling is hardly the only method of social engineering used to go after corporations. Phishing campaigns, for instance, commonly use macro malware or crypto malware to target specific organizations in an attempt to compromise the network, either for data theft or extortion.

In some cases, the threats are more directly internal. For instance, a former employee might find a way to play the system. This is exactly what happened at Ofcom, a U.K.-based communications regulator, in March 2016. According to Network World, the employee offered six years’ worth of sensitive data from his former organization to his new employer. The company turned down the offer and immediately informed Ofcom. It just goes to show how dangerous insider threats can be.

Knowing who is who is half the battle

Herein lies the power of enterprise collaboration tools. Social engineering often relies more heavily on human trickery than on technical prowess. People will pretend to be an employee from another department of a large organization. They might send a message loaded with malware. Claiming to be the CEO, they might request a big money transfer to a foreign account, or ask that sensitive employee data be sent to them. When it comes to defending against these types of threats, knowing who is who can be a huge help.

Take the example of a law firm. According to Law 360, about a quarter of all firms have been the victim of a breach. Now imagine a larger law firm, with a significant volume of legal staff with diverse areas of expertise and unique skill sets. In addition to streamlining collaboration in these large office settings, a solution like The Firm Directory can serve as a sort of internal point of validation. If, for example, an employee were to receive an email from a department he or she rarely communicates with requesting sensitive information, said employee could verify the requester’s identity and then communicate with him or her over Skype or The Firm Directory enterprise collaboration platform, just in case an email account was hacked.

And it’s not just the legal space that can benefit from enterprise collaboration portals. Any large organization that wants to improve internal collaboration, both for the sake of efficiency and staff identity verification, is encouraged to do more research about enterprise social software. Learn more today by contacting Neudesic, makers of The Firm Directory and the award-winning Neudesic Pulse platform.