With expertise in…
Social Engineering
A Definition
How would your behavior change if your wallet, homes and mailboxes could be accessed from around the world as computers can? Often referred to as the “single greatest security risk,” social engineering has rapidly emerged to dominate information security discussions in the U.S. and abroad. Social engineering is:“the practice of obtaining confidential information by manipulation of legitimate users.”
Becoming Aware
Technical controls alone cannot prevent social engineering attacks. Your employees may be the weakest link in your information security chain. Lack of awareness, special employee privileges, vendor relationships and possible breeches of confidentiality can make your company vulnerable to social engineering attacks.Factors enhancing a company’s vulnerability include:
- Large number of employees
- Multiple facilities
- Phone extension information made available
- Information of employee whereabouts left in voice mail messages
- Lack of security training and incident reporting plan
- Lack of data classification system
Our Solutions
BKD Risk Management Group can help you prepare for these types of attacks with simulated pretext phone calling, spoofing, phishing and physical access attempts and the use of malware and counterfeit web sites for security testing. We can help you evaluate your organization’s security posture, test your incident response plan and raise employee awareness. We can help you reach your information security goals.For More Information
Contact your BKD advisor or:Cindy Boyle, CPA, CFIRS, CIA
Partner
501.372.1040
