Employee security training is critical for any organization that wants to protect itself from social engineering attacks. Because end users are the weakest link in your security, training them on what policies and procedures they should follow and then testing them is critical. A content filtering system is also a great way to reduce exposure. Content filtering allows you to block employees' access to malicious websites that can lead to system compromise. A Web content filtering solution can block access to a website if an unsuspecting employee clicks on a phishing e-mail link or other lure that can lead to system compromise.
Social engineering is the practice of obtaining confidential information by manipulating people. In contrast, hacking is typically compromising a computer system in order to control or otherwise access sensitive information. Social engineering is getting people to do something they wouldn’t do normally. In short, social engineering is hacking people rather than computer systems.
Social engineering has been an effective method of committing fraud for centuries. Recently, however, it has been used more and more to assist criminals in perpetrating crimes that can net large sums of money. Without one social engineering method or another, most current attacks would not be successful.
Employees are an organization’s weakest link and social engineering attacks are only limited by the creativity of the perpetrator. Although there is no way to stop social engineering attacks entirely, we can do much more than we are today to reduce our exposure to them. Strictly enforced policies and procedures combined with training, testing and technology can reduce your risk from these types of attacks.
Here, Perimeter's Chief Technology Officer Kevin Prince offers five actions that can be taken to reduce your exposure.
Be sure to check out other slideshows from Perimeter: