Risk Management Brochure
Social Engineering
A Definition
How would your behavior change if your wallet, home and mailbox could be accessed from around the world as computers can? Often referred to as the “single greatest security risk,” social engineering has rapidly emerged to dominate information security discussions in the U.S. and abroad. Social engineering is: “the practice of obtaining confidential information by manipulation of legitimate users.”
Becoming Aware
Technical controls alone cannot prevent social engineering attacks. Your employees may be the weakest link in your information security chain. Lack of awareness, special employee privileges, vendor relationships and possible breaches of confidentiality can make your company vulnerable to social engineering attacks.
Factors enhancing a company’s vulnerability include:
- Large number of employees
- Multiple facilities
- Phone extension information made available
- Information about employee whereabouts left in voice mail messages
- Lack of security training and incident reporting plan
- Lack of data classification system
Our Solutions
BKD Risk Management Group can help you prepare for these types of attacks with simulated pretext phone calling, spoofing, phishing and physical access attempts, and the use of malware and counterfeit web sites for security testing. We can help you evaluate your organization’s security posture, test your incident response plan and raise employee awareness. We can help you reach your information security goals.
For More Information
Contact your BKD advisor or:
Cindy Boyle, CPA, CFIRS, CIA
Managing Partner
501.372.1040