Social Engineering: could you become a victim?

You hear a lot about data breaches, social engineering, and cybercrime on the news. You may think that it has nothing to do with you, but SME entrepreneurs can also become victims of cyber attacks. It often starts with something as simple as a weak password. How do you avoid becoming a victim of cybercrime? This is Netty's story.

(For English subtitles, click the Settings wheel, click 'ondertiteling', and select English.)

Although physical crime is decreasing, criminals regularly outsmart us digitally. 1 in 5 companies experiences a cyber incident. What happens if you become a victim of cybercrime and how do you protect your business? For Netty* it all started with a strange phone call…

What happened?

Netty is 64 years old and has been working as a freelance lawyer for 14 years. One day, she receives a call from a potential client who was very chatty and asks specific questions about her private situation. A few days later, her database with clients’ sensitive personal data was hacked and she can no longer enter her system. Her IT administrator confirms that there is a data breach. The criminal used the answers that Netty gave to the questions about her private situation to guess her password. Netty has fallen victim to a form of social engineering.

What does Netty do?

As soon as Netty hears that there is a data breach, she informs the Dutch Data Protection Authority (in Dutch) of this breach. She is unsure whether to report the leak to her clients, as her reputation (in Dutch) is at stake. You only need to report a data breach to the persons involved if it can have serious consequences for their privacy. Netty contacts KVK and explains her situation to a business adviser. After that conversation, she decides to inform her clients about the leak. Her files contain sensitive data

What now?

To prevent her from ending up in this situation again, Netty and her business adviser make a step-by-step plan.

Install a password vault

The data breach started with a weak password. Netty does not want to make a mistake like that again. She sets up a password vault. A password manager generates hard-to-guess passwords for Netty and stores them in the digital vault. 

Run a cyber scan

To identify other vulnerabilities, Netty does a free cyber scan. Based on her answers, the scan gives her concrete tips to work more safely, such as installing suitable antivirus software.

Make regular backups

The hacker could have done a lot more damage. For example, he could have locked all files (in Dutch) on Netty’s computer. That is why Netty makes arrangements with her IT manager about backups. Should something ever go wrong again, Netty always has a recent backup to fall back on.

*Netty's story is fictional, but based on real-life events.

Have you ever been a victim of social engineering? We would like to get in touch with you. Share your experience via

What risks do you run as an entrepreneur and what should you pay attention to? Read all about how to secure your business operations.