Tip: Know the difference between a trojan horse and a honeypot.

Whether your employees are digitally savvy or technically inept, they should still be able to identify basic tactics used by social engineers and hackers.

Why? It’s critical that your staff are able to recognize cyber attackers’ modus operandi; moreover, a clear understanding of the basics of social engineering allows you to protect both patient and practice data. Even a small breach can cause major administrative and technical headaches — and long-term financial and professional strife, too.

Reminder: Social engineering is “an unauthorized attempt by someone masquerading as a legitimate party to elicit information from a staff member that may be used in attempts to compromise the security of systems or accounts,” explains Jim Sheldon-Dean, founder and director of compliance services for Lewis Creek Systems, LLC in Charlotte, Vermont.

Reach into your cybersecurity tackle box and test your phishing and social engineering skills on these 10 questions.

1. What type of social engineering occurs when a third party interrupts online communication between two entities and responds, altering the communication and posing as one of the two original communicating parties?
A. baiting
B. man-in-the-middle
C. spoofing
D. vishing

2. What type of malware holds your data hostage by encrypting it and then demands payment to release it?
A. ransomware
B. spyware
C. hostageware
D. software

3. When cyber criminals target one person at your practice with an email scam, what kind of phishing is that?
A. smishing
B. baiting
C. spear phishing
D. carping

4. What popular technique are social engineers employing when they promise you a gift, prize, or service in return for login credentials, personal information, or practice data?
A. spoofing
B. phishing
C. quid pro quo
D. baiting

5. What type of phishing technique targets your practice administrators’ emails, stealing the most sensitive practice information while corrupting the networks from the top down?
A. vishing
B. spear phishing
C. hacking
D. whaling

6. What kind of social engineering is utilized when an infiltrator sends you text messages pretending to be a business or another practice to steal either your personal or professional information?
A. smishing
B. tailgating
C. trojan horse
D. blockchain

7. What is it when your practice is exposed to a cyberattack, but you don’t know it?
A. cloud infrastructure
B. honeypot
C. zero-day vulnerability
D. pentest

8. What style of hacking are cyberattackers using when they use legitimate-looking software, trick you into downloading it, and then destroy your device via the back door?
A. worming
B. trojan horse
C. baiting
D. spoofing

9. What type of phishing happens when your staff try to use a website to look up information, but the website has been corrupted with web traffic rerouted and practice data usurped?
A. worming
B. smishing
C. rooting
D. pharming

10. What popular decoy tool can your practice employ to distract and draw hackers?
A. honeypot
B. trickbot
C. encryption
D. baiting

Answers: 1) B 2) A 3) C 4) C 5) D 6) A 7) C 8) B 9) D 10) A