How would your behavior change if your wallet, home and mailbox could be accessed from around the world, as computers can? Often referred to as the “single greatest security risk,” social engineering has rapidly emerged to dominate information security discussions in the U.S. and abroad. Social engineering is “the practice of obtaining confidential information by manipulation of legitimate users.”
Technical controls alone cannot prevent social engineering attacks; your employees may be the weakest link in your information security chain. Lack of awareness, special employee privileges, vendor relationships and possible breaches of confidentiality can make your company vulnerable to social engineering attacks.
Factors enhancing a company’s vulnerability include:
- Large number of employees
- Multiple facilities
- Phone extension information made available
- Information about employee whereabouts left in voicemail messages
- Lack of security training and incident reporting plan
- Lack of data classification system
BKD IT Risk Services (ITRS) can help you prepare for these types of attacks with a wide range of social engineering services and programs, including simulated pretext phone calling, spoofing, phishing and physical access attempts and the use of malware and counterfeit websites for security testing. We can help you evaluate your organization’s security posture, test your incident response plan and raise employee awareness—and help you reach your information security goals.