Social Engineering - The Real E-Terrorism?
One evening, during the graveyard shift, an AOL technical support operator took a call from a hacker. During the hour long conversation the hacker mentioned he had a car for sale. The technical support operator expressed an interest so the hacker sent him an e-mail with a photo of the car attached. When the operator opened the attachment it created a back door that opened a connection out of AOL's network, through the firewall, allowing the hacker full access to the entire internal network of AOL with very little effort on the hacker's part.
The above is a true story and it is an excellent example of one of the biggest threats to an organisation's security - social engineering. It has been described as people hacking and it generally means persuading someone inside a company to volunteer information or assistance.
Examples of techniques employed by hackers include:
- Unobtrusively observing over your shoulder as you key in your password or PIN.
- Calling helpdesks with questions or being overly friendly
- Pretending to be someone in authority.
Social engineering attacks can have devastating consequences for the businesses involved. Accounts can be lost, sensitive information can be compromised, competitive advantage can be wiped out and reputation can be destroyed.
By implementing some simple techniques you can reduce the risk of your organisation becoming a victim or, in the event that you are targeted, keep the consequences to a minimum.
- Make sure that all staff, especially non-IT staff, are aware of the risk of social engineering and what to do in the event of such an attack.
- Conduct regular security awareness training so that all staff are kept up to date with security related issues.
- Implement a formal incident reporting mechanism for all security related incidents to ensure there is a rapid response to any breaches.
- Ensure that the company has security policies and procedures in place, that all staff are aware of them and that they are followed.
- Put an information classification system in place to protect sensitive information.
Conduct regular audits, not only on IT systems but also on policies, procedures and personnel so that any potential weaknesses can be addressed as soon as possible.
About The Author
Rhona Aylward has extensive experience in the area of Quality Management and more recently in Information Security Management. She is a qualified Lead Auditor for BS7799 and CEO for Alpha Squared Solutions Ltd.
www.a2solutions.co.uk, raylward@a2solutions.co.uk
|
|
|
|
|
|
|
Online Shoppers, Beware of a New Scam
Beware of a New Scam Aimed at Bargain-HuntersTrying to buy... Read More
Beware of Imitations! Security, Internet Scams, and the African Real Estate Agenda
Fishing on the Internet has come a long way. However,... Read More
How to Protect Yourself Against Online Criminals
Credit card fraud is a growing problem for online businesses... Read More
Phishing - Learn To Identify It
Phishing: (fish'ing) (n.)This is when someone sends you an email... Read More
Social Engineering - The Real E-Terrorism?
One evening, during the graveyard shift, an AOL technical support... Read More
How Can Someone Get Private Information From My Computer?
From the "Ask Booster" column in the June 17, 2005... Read More
Internet Shopping - How Safe Is It?
Millions of people make purchases online, but many people are... Read More
Pharming - Another New Scam
Pharming is one of the latest online scams and rapidly... Read More
From Spyware with Love!
It's late. You've been scouring the web for that perfect... Read More
What is Spyware?
The most frustrating part of having Spyware on your computer... Read More
Do You Know What your Kids Are Doing Online?
It's a sad statistic, but hundreds of unsuspecting kids are... Read More
Internet Privacy
Over the past few years as the internet has become... Read More
The Attack of the Advertiser - Spy Mother Spy
The menacing campaigns that drive the corporate spyware and adware... Read More
The Move to a New Anti-Virus Model
This is the second in a series of articles highlighting... Read More
Why you Must Secure your Digital Product and Thank You Web Page
A couple of years back, I paid my dues the... Read More
Mail Forwarding - Why Would You Do It?
First of all we need to get some terms stated.... Read More
An Open Door To Your Home Wireless Internet Network Security?
This is not some new fangled techno-speak, it is a... Read More
Dont Allow Hackers to Take Out Money from Your Bank Account
If you know what is the 'Fishing' then it's very... Read More
Firewalls: What They Are And Why You MUST Have One!
A firewall is a system or gateway that prevents unauthorized... Read More
Is Spyware Watching You?
Imagine my surprise when I received a phone call from... Read More
What Every Internet Marketer Should Know About Spyware
If you run any type of Internet business, Adware and... Read More
Spyware, What It Is, What It Does, And How To Stop It
Spyware is software that runs on a personal computer without... Read More
Phishing, Fraudulent, and Malicious Websites
Whether we like it or not, we are all living... Read More
Email Scams ? Ten Simple Steps To Avoiding Them
According to the Anti-Phishing Working Group (APWG) email scams also... Read More
Its Time to Sing the Encryption Song - Again!
Yes, I'm wearing my encryption hat again. Why you may... Read More
Watching the Watchers: Detection and Removal of Spyware
If spyware were a person and he set himself up... Read More
Phishing-Based Scams: A Couple of New Ones
Phishing in its "classic" variant is relatively well-known. Actually, 43.4... Read More
Breaking Into Your PC: News...
You'd better learn news from media, not from emails, security... Read More
Clown Internet Scam - An Internet Scam is Currently Targeting Clowns and Other Entertainers
I am the victim of an internet scam. It is... Read More
Delete Cookies: New-Age Diet or Common Sense Internet Security?
No, this article isn't about some new, lose-20-pounds-in-a-week, certified-by-some-tan-Southern-California-doctor diet.... Read More
Network Security 101
As more people are logging onto the Internet everyday, Network... Read More
Top Five Spyware Fighting Tips
Spyware and adware are becoming major problems for online surfers... Read More
New CipherSend Online Security Service Thwarts Email Address Theft And Soothes Password Fatigue
In 1997, I decided after 15 years as a practicing... Read More
What Can Be Done About Spyware And Adware
Having a good Spyware eliminator on your computer is vital... Read More
6 Ways To Prevent Identity Theft
These six ways to prevent identity theft offer you valuable... Read More
Why Corporations Need to Worry About Phishing
Phishing is a relatively new form of online fraud that... Read More
How To Avoid Hackers From Destroying Your Site?
Recently, my site and other internet accounts ( http://www.nabaza.com/sites.htm )... Read More
The Bad Guys Are Phishing For Your Personal Information
Do you know what "phishing" is?No, it doesn't mean you... Read More
Securing Your Accounts With Well-Crafted Passwords
In the past I've never really paid much attention to... Read More
Secure Your PC From Hackers, Viruses, and Trojans
Viruses, Trojans and Spyware: Protecting yourself.No user on the internet... Read More
Lets Talk About Antivirus Software!
Nowadays more and more people are using a computer. A... Read More
Be Aware of Phishing Scams!
If you use emails actively in your communication, you must... Read More
Hacking Threats and Protective Security
The 1998 Data Protection Act was not an extension to,... Read More
The Important Steps To Protect Your Kids on the Internet
Internet is the ocean of knowledge. In this ocean you... Read More
Backup and Save your business!
There you are busily typing away on your PC or... Read More
40 Million People Hacked - YOU as Identity Theft Victim
Saturday, MasterCard blamed a vendor of ALL credit card providers... Read More
Beware of Imitations! Security, Internet Scams, and the African Real Estate Agenda
Fishing on the Internet has come a long way. However,... Read More
Check Out That Privacy Policy
Before you enter your name, address or any other data... Read More
Internet Shopping - How Safe Is It?
Millions of people make purchases online, but many people are... Read More
Top Ten Spyware and Adware Threats Identified
On December 8, 2004 Webroot, an award winning anti-spyware solution... Read More
How to Know Whether an Email is a Fake or Not
A few nights ago I received an email from "2CO"... Read More
Email Scams ? Ten Simple Steps To Avoiding Them
According to the Anti-Phishing Working Group (APWG) email scams also... Read More
What to Look for before You Purchase Spyware Software
Huge number of spyware software applications are available in the... Read More
Top Five Online Scams
The top five online scams on the Internet hit nearly... Read More
The Saga of the Annoying Adware
When we think of adware, what comes to mind are... Read More
Spyware ? Your Web Browser is the Culprit!
My first experience with a spyware BHO based infection was... Read More
Virus and Adware - Fix them Both!
We all get the odd virus now and then, but... Read More
Don?t Become An Identity Fraud Statistic!
"You've just won a fabulous vacation or prize package! Now,... Read More
Eliminate Adware and Spyware
Everyone should eliminate spyware and adware from your hard drive... Read More
Social Engineering - The Real E-Terrorism?
One evening, during the graveyard shift, an AOL technical support... Read More
Is The Internet Over Regulated
Today's Internet or World Wide Web is being over regulated.But,... Read More
Identity Theft - Dont Blame The Internet
Identity theft ? also known as ID theft, identity fraud... Read More
Watching the Watchers: Detection and Removal of Spyware
If spyware were a person and he set himself up... Read More
Mall Protection
The Loss Prevention Manager should be receptive to the needs... Read More
Spy Scanners ? Don?t Compromise your Privacy
Spies, spyware, internet parasites are among what they are usually... Read More
Crack The Code - Thats A Direct Challenge
I Challenge You To Crack The Code ------------------------------------- I had... Read More
Internet Security |