A cyber attack can have devastating consequences for your small business. Among other things, it can hurt your business’s small business’s credibility, take your network offline and even expose sensitive data — such as customers’ names and payment information — to one or more hackers. But not all cyber attacks rely on the deployment of malware. Some involve psychological manipulation to entice a victim to voluntarily divulge their logins or other protected information. Known as social engineering, it’s a serious threat facing small businesses today.

What Is Social Engineering?

Social engineering is a cyber attack in which a hacker attempts to trick a victim into providing him or her with protected information, such as the username and password to the victim’s network or server.

Although it’s called “social engineering,” it doesn’t necessarily involve the use of social media. Rather, social engineering simply refers to a cyber attack in which a hacker attempts to a deceive a victim into providing him or her with protected information.

Social Engineering vs Phishing: What’s the Difference?

Phishing is often confused with social engineering, with many business owners believing they are the same. Both types of cyber attacks involve psychological manipulation with the intent to compel a victim into providing the hacker with protected information. However, they aren’t necessarily the same.

The main difference between phishing and social engineering is that the former almost always uses email as an attack channel, whereas the latter may use email, phone, text messages or other mediums. Granted, email is also the main attack channel used for social engineering, but hackers still use other channels to perform social engineering.

How to Protect Against Social Engineering

As a small business owner, there are several steps you can take to protect against social engineering. First, don’t divulge any protected, confidential or sensitive information without first verifying the identity of the person who requested it.

Second, set the spam filter in your email account to high. When set to high, the spam filter will take a more aggressive approach to filtering and removing spam email, including social engineering emails.

Third, be wary of clicking links or downloading files in emails. Even if the email looks like it was sent from a legitimate person or organization, it could be a social engineering attempt. And if you click the link or download the file attachment, you may inadvertently provide the hacker with protected information. By following these tips, you can protect your small business from social engineering.