Social Engineering | The Net Secure-The Net Secure

Dated Latest News

2009-12-20 Why are we a .org?
A lot of people have pointed out that .org is supposed to be for non profit or charitable organizati...[more]
2009-12-08 Securing your domain names
Domain name theft is more common than you expect. We just don't hear about it that often. It can...[more]
2009-10-27 Scam Warrning
The following email and variants has been circulating: Attention! On October 30, 2009 server upgrad...[more]
2009-10-25 Social Engineering
Social Engineering Social engineering is the most dangerous for...[more]
2009-07-12 What is a hacker?
Originally a hacker was used to describe someone very knowledgeable with computers, while ...[more]

News

Social Engineering

Social engineering is the most dangerous form of security breach you have. You are more likely to be a target of social engineering and actually fall victim to social engineering than any other form of hacking. What is even worse is that the only requirement to do any sort of social engineering is some confidence.

According to Wikipeida:

Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.

Educating your employees is the only way to reduce the likelihood of falling victim. Combating against this gets harder the larger your company is, but here is some simple guidelines to follow:

Stress to your employees that no one should ever give their password to anyone over the phone. Emphasize this by informing them anyone caught doing so will be fired immediately. This is the most important one! You cannot emphasize this enough. You might even go as far as testing a few people until someone gives in then make an example.
Educate your users on phishing
Introduce your desktop support team to everyone in the company and inform them no one else is to touch their computer, no exceptions. Also an important one.
Filter your emails
Send out weekly newsletters that are fun and interesting to read. Use these newsletters to educate your users of some online perils.

Of course with every company the educational part of network security varies, but you can contact us at TheNetSecure.org for an analysis and even schedule a class for your employees. Education is 90% of the battle.