April 17, 2013
Business Memo: Social Engineering Threats
With the advancement of technology in the workplace, the opportunity for malicious users to infiltrate and corrupt your business increases. Knowing what types of methods these individuals are using will help you develop preventative measures. Keeping employees informed of the ways to recognize and respond to social engineering techniques is important to an organization's overall information security program. The two types of social engineering threats businesses face are local and remote social engineering.

Being able to recognize when someone is attempting to use a social engineering technique is critical. Far too many employees are unaware of the consequences that can follow from clicking an unknown link in an email as well as from responding to random text messages via SMS. It is important for upper-level management and executives to provide training to employees to make them aware of possible social engineering attacks. Ensuring that employees understand what privileges they have on company information systems and the various methods attackers use can help reduce the success of future social engineering attacks.

Social engineering is a method of tricking users into divulging confidential information. One of the forms of social engineering is local social engineering. More specifically, dumpster diving is a local social engineering method that requires the attacker to search through the organization's trash hoping to collect useful inside information. Some of the items that can be recovered by the malicious user are hard copies of documents, invoices, or discarded computer devices such as USB drives. One tactic for mitigating this threat is ensuring documents and data are properly destroyed before discarding. For example, use a paper shredder to destroy hard copies of documents before throwing them in the trash. Also, wiping hard drives clean...