written by Chris Griesemer
Over the past year, Social Engineering has become a very hot topic. Here’s one example of a recent article. Click here to view the article: Hackers Press the ‘Schmooze’ Button.
A simple description of Social Engineering is deceiving someone on the phone, in person or on a computer into divulging confidential information. This article sums up the dangers of social engineering and points out that the weakest link in most companies is their customer service department. I would suspect most companies don’t have any kind of social engineering testing done on an annual basis.
Banks are probably one of the few industries that are required to have some form of social engineering review or audit. Regardless of what industry you are in, at a minimum, companies should implement two important procedures:
- Define a set of guidelines that customer service employee’s need to use when talking with a client. The guidelines should explain exactly how a caller must prove they are who they say they are. It might mean establishing a phone password or security questions but something that would identify that caller. And remember, with Facebook, LinkedIn and the other social media out there, security questions should probably not entail address and phone number because that information can be found online.
- Annually have Social Engineering training with staff. Explain the procedures that have been implemented and make sure employees are updated with examples of Social Engineering techniques.
Click here to view the article: Hackers Press the ‘Schmooze’ Button. If you have any questions about Social Engineering, please contact us today.
By Chris Griesemer, IT Security Specialist