Social engineering, in the context of information security (IS), refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it’s often one of many steps in a more complex fraud scheme.
Social engineering can easily be used to gain access to corporate property, information, and protected or sensitive data, or to conduct industrial espionage. Techniques include pretexting, diversion theft, phishing, IVR or phone phishing, baiting, quid pro quo, and tailgating, among others.
We provide training to the client’s staff, offering guidance and security awareness of the potential danger of social engineering events, including how to mitigate and prevent social engineering in the client’s company. Real-world scenarios and case studies are demonstrated. The material we provide includes Kevin Mitnick’s social engineering examples, among others, in an easy-to-read and easy-to-understand ebook format. We help our clients reduce their security risks by, among other items:
- Establishing frameworks of trust on an employee / personnel level, specifying and training personnel when / where / why / how sensitive information should be handled.
- Identifying which information is sensitive and evaluating its exposure to social engineering and to breakdowns in security systems such as building and computer systems.
- Establishing security protocols, policies, and procedures for handling sensitive information.
- Training employees in security protocols relevant to their position. For example, in situations such as tailgating, if a person’s identity cannot be verified, employees must be trained to politely refuse.
- Performing unannounced, periodic tests of the security framework.
- Reviewing all steps regularly, as no solutions to information integrity are perfect.
- Using a waste management service that has dumpsters with locks on them, with keys to them limited only to the waste management company and the cleaning staff.
- Locating the dumpster either in view of employees, so that trying to access it carries a risk of being seen or caught, or behind a locked gate or fence, where a person must trespass before attempting to access the dumpster.