Social engineering, the inadvertent disclosure of confidential information by your employees, is every organisation's weakest security link.
Technology solutions, security policies, and operational procedures cannot work in isolation. People play a key role in an organisation’s security policy success.
Phishing, pharming and SPAM are recognised examples of social engineering, all carried out for profit, but there are more. These profiteers are always one step ahead, creating and deploying new attacks that we are not yet aware of.
Regularly updated security software will deal with the majority of phishing and pharming threats and block the deluge of dodgy SPAM, but there are always some that slip through the net. Only users can decide whether or not to respond, and if they do, they may inadvertently hand over sensitive data.
Social engineers are practised at manipulating employees into compromising corporate security, undermining human judgement so that the victim willingly gives up network access, or even lets them into an office building, without verifying their identity. They gather information by listening to conversations in public places (cafes, public transport, etc.), watching people enter passwords and PINs into laptops and at cash points, and even searching through the rubbish.
- If employees don’t know about it, they can’t help!
- Create a strong security culture within the organisation
- Make employees aware of the threats and reinforce that security is everyone’s responsibility, not just that of the IT team
- Point out to employees that they are the last line of defence against hackers who have turned to social engineering because they cannot breach the security systems any other way
- Have regular training sessions/updates about the latest security threats