For clarity, when we write about consumer protection we are referring to the security aspects of a consumer including the risks and safeguards of their personal information.The discussion points focus on a specific form of cyber attack namely Social Engineering.

Guard Point specialises in reducing the impacts of Social Engineering attacks, existing primarily to serve the consumer in the protection of their identity and to help reduce spam and scam impacts on society. While our service helps protect businesses, our focus is the protection of everyday consumers of business services.

Social Engineering is one of a number of cybercrime activities that pose a large threat to society. Simply described as an act of tricking or manipulating someone into divulging information or taking an action. You can imagine the difficulty in trying to determine how you can protect people from this form of attack.

As we can see in the security markets, the initial answer to solving this is user education. This is evident with the number of businesses that have switched their focus to security education services capitalising business impacts and the need to close security vulnerabilities. While these training services are valuable for the business and individual receiving the training, it does focus directly at businesses leaving consumers and end users with little focused training on protecting themselves from Social Engineering attacks.

Having said that, there are a few great resources online we have come across which include the following where consumers and end users can learn more about Security and Social Engineering.

• https://www.bitsnbytes.us.com - Bits N’ Bytes Cybersecurity Education.
• https://www.social-engineer.org - Security Through Education.

The challenge of education is the amount of information an end user needs to retain in order to protect their personal data and identity. Certainly positioning a user in an improved position, as the attacks become more sophisticated, so does the training requirements. This does increase the risk of the end user making a mistake or missing a process step.

Education is important in attempting to prevent Social Engineering attacks however its not the only way. Fundamentally Social Engineering attacks are successful due to the receiver not being able to verify the identity of the attacker. Coupled with an interaction invoking urgency, fear, greed, curiosity the user is at the mercy of the attacker.

At Guard Point we focused on trying to solve the identity aspect of a Social Engineering attack to provide the user with a mechanism to gain confidence and control during an interaction. The gap between user education and user knowledge failure is closed when businesses and consumers utilise Guard Point. Guard Point tools and processes allow the users/consumers to take control and actively protect their information with verifiable data.

We are all very familiar with the challenges of moving into the digital era. Failing to effectively determine trust has resulted in long term financial and identity impacts to people. Determining trust in the digital world is like rolling the dice at the casino. Unfortunately this is what we as consumers of business services do every day. We take the risks that a business interaction is legitimate hoping that the personal information we share in the authentication process with a business doesn’t result in identity theft of fraud.

We’ve all experienced the well known and defined process of authenticating a customer during a business interaction. We typically see this when a bank, insurance provider and so on, contact us to provide some information about our account. Unfortunately this process doesn’t provide consumers with confidence. Often proactive business engagements result in customer termination for the fear of being scammed.

Building trust requires an independent entity that can be trusted by both the consumer and the business to facilitate an interaction. This independent has a requirement to correctly and regularly challenge each party on their identities. Allowing the customer to know who they are connecting with is the first step in building trust in the digital landscape.

Rightfully businesses have been investing heavily in people, process and technology within their organisations to help protect your data from cybercrime attacks. We’ve seen an increase in security services, businesses, technology and tools to help protect the business. Unfortunately we haven’t seen the same investment or capability in the protection of our consumers.

It’s now time that we, both the consumer and the business invest in the protection of the interaction between a business and a consumer. Other than asking the consumer for personal information to verify themselves there is a severe lack of security around the tools and technology we use to connect. If we take SMS as an example, it's easy for an attacker to masquerade as a brand in a smishing / SMS Phishing attack. For the consumer, there is no effective way to verify this interaction is legitimate. This is the same for phone calls, emails, chat messages and so on.

Guard Point has been developed to allow the real-time verification of businesses for the sole purpose of protecting the consumer.