Has a member of your staff been “socially engineered”? Has an apparently friendly outsider somehow manipulated a staff member to gain access to your data and breach your corporate network?
Todd Budde, a VCIO with ThrottleNet, appeared on TNtv to discuss the dangers of social engineering and how to prevent it from occurring.
What is Social Engineering?
Budde defined it as the art of gaining access to a building, data or software through the use of human psychology. Many expect an intrusion to take place through an electronic attack such as a computer virus, but Budde said many intruders use the human element to obtain proprietary information for illicit purposes.
This can occur from something as simple as a phone call. In many companies, especially larger ones, the staff is large and many do not know all their co-workers. A caller, posing as an HR person, can contact an employee and fool them into revealing key information that enables the caller to access the company network.
Intruders, posing as Microsoft tech support, can also call and claim to need important information from an employee. Again, the staff member can mistakenly reveal their password and other key data.
Social engineering may also occur at the company doorstep. Many times an outsider may have a box and ask for someone to hold the door for them so they can enter the facility. They may purposely drop a USB key onto the floor. An employee may pick it up and unknowingly plug it into their computer. Suddenly a virus gets uploaded into the network.
Who can be a Victim of Social Engineering?
Budde said that, surprisingly, the type of person most susceptible to being socially engineered is a corporate executive. Why? Because they own and run the company, and sometimes don’t feel as if the rules apply to them. They always feel that if there is a problem, their IT department will bail them out. He indicated that a number of executives like to be on the cutting edge of technology and may bring in their own devices, ones that are not approved for use by the IT staff.
How to Prevent Social Engineering
To prevent social engineering from taking place at your company, Budde recommends a short training session for all employees. The training should educate staff on the dangers of social engineering and various social scenarios which could occur. It can also include which verbal clues to watch for to prevent the dissemination of sensitive information.
In addition, he recommends creating visual reminders in the form of posters. These should be placed near copiers, printers and other high-use devices, and changed monthly to give them a fresh look. He also recommends changing computer screen savers on a regular basis with additional reminders about protecting passwords and other sensitive data.
For additional information on social engineering protection and training, contact ThrottleNet at 866-826-5966.