Social Engineering - The Real E-Terrorism?
One evening, during the graveyard shift, an AOL technical support operator took a call from a hacker. During the hour long conversation the hacker mentioned he had a car for sale. The technical support operator expressed an interest so the hacker sent him an e-mail with a photo of the car attached. When the operator opened the attachment it created a back door that opened a connection out of AOL's network, through the firewall, allowing the hacker full access to the entire internal network of AOL with very little effort on the hacker's part.
The above is a true story and it is an excellent example of one of the biggest threats to an organisation's security - social engineering. It has been described as people hacking and it generally means persuading someone inside a company to volunteer information or assistance.
Examples of techniques employed by hackers include:
- Unobtrusively observing over your shoulder as you key in your password or PIN.
- Calling helpdesks with questions or being overly friendly
- Pretending to be someone in authority.
Social engineering attacks can have devastating consequences for the businesses involved. Accounts can be lost, sensitive information can be compromised, competitive advantage can be wiped out and reputation can be destroyed.
By implementing some simple techniques you can reduce the risk of your organisation becoming a victim or, in the event that you are targeted, keep the consequences to a minimum.
- Make sure that all staff, especially non-IT staff, are aware of the risk of social engineering and what to do in the event of such an attack.
- Conduct regular security awareness training so that all staff are kept up to date with security related issues.
- Implement a formal incident reporting mechanism for all security related incidents to ensure there is a rapid response to any breaches.
- Ensure that the company has security policies and procedures in place, that all staff are aware of them and that they are followed.
- Put an information classification system in place to protect sensitive information.
Conduct regular audits, not only on IT systems but also on policies, procedures and personnel so that any potential weaknesses can be addressed as soon as possible.
About The Author
Rhona Aylward has extensive experience in the area of Quality Management and more recently in Information Security Management. She is a qualified Lead Auditor for BS7799 and CEO for Alpha Squared Solutions Ltd.
www.a2solutions.co.uk, raylward@a2solutions.co.uk
|
|
|
|
|
|
|
|
Temporary Internet Files - the Good, the Bad, and the Ugly
A little bit of time invested into learning about internet... Read More
File Sharing - What You Need to Know!
File sharing on p2p is soaring despite the music and... Read More
Reporting Internet Scams
When it comes to reporting Internet scams most of us... Read More
Firewall Protection - Does Your Firewall Do This?
The first thing people think about when defending their computers... Read More
Dont Miss Information Because of Misinformation
It has been said that with the wealth of information,... Read More
Make Money Online - Defend Against The Latest Scam
First, let's do a little recap'. As I stated in... Read More
Email Hoaxes, Urban Legends, Scams, Spams, And Other CyberJunk
The trash folder in my main inbox hit 4000 today.... Read More
Eliminate Adware and Spyware
Everyone should eliminate spyware and adware from your hard drive... Read More
Viruses and Worms: The Problems and Their Solutions
History and BackgroundThe virus was one of the first ever... Read More
How To Clean the Spies In Your Computer?
Manual Spy Bot Removal > BookedSpaceBookedSpace is an Internet Explorer... Read More
Types Of Computer Infections
Computer infections can be broken up into 4 main categories... Read More
How to Fight Spyware
If you are wondering how to fight spyware for safe... Read More
The Top Twelve Threats No Computer User Should Ignore
The internet is undoubtedly a fantastic resource for families and... Read More
Network Security 101
As more people are logging onto the Internet everyday, Network... Read More
Burning Bridges is Bad, But Firewalls are Good
When you signed up for that ultra-fast DSL or Cable... Read More
Spyware Symptoms
Spyware symptoms happen when your computer gets bogged down with... Read More
What is Spyware?
The most frustrating part of having Spyware on your computer... Read More
How To Give Away Your Personal Information
Identity Theft and Your Personal Information Identity theft is... Read More
Protecting Your Children On The Internet
If you are a parent, as am I, I think... Read More
Top Spyware Removers Considerations
Only the top spyware removers are successful at detecting and... Read More
Is That Free Stuff Like An iPod Or Desktop Computer Really Free?
Have you seen the web site, www.freestuff.com? Or have you... Read More
Dont Fall Victim to Internet Fraud-10 Tips for Safer Surfing
The Internet offers a global marketplace for consumers and businesses.... Read More
An Open Letter From a So-called Stupid
Someone recently told me, "You would have to be a... Read More
Password Security and Safety
There is nothing more important that password security in world... Read More
The Truth About Hiding Your Tracks on the Internet
Ok, ok, I know you've seen them. All those pop... Read More
6 Ways To Prevent Identity Theft
These six ways to prevent identity theft offer you valuable... Read More
3 Steps to Ending Scams and Virus Problems
Watching how the traditional media covers the latest virus or... Read More
Passwords or Pass Phrase? Protecting your Intellectual Property
Much has been said on the theory of password protection... Read More
Phishing, Fraudulent, and Malicious Websites
Whether we like it or not, we are all living... Read More
Phishing - Learn To Identify It
Phishing: (fish'ing) (n.)This is when someone sends you an email... Read More
Why you Must Secure your Digital Product and Thank You Web Page
A couple of years back, I paid my dues the... Read More
Hacking the Body Via PDA Wireless Device
First I would like to stress I am condoning the... Read More
With the Rise of Internet Crimes, Users are Turning to High-Tech ?PI?s? for Solutions
High-tech private investigators are becoming the answer for many Internet... Read More
Spyware, This Time Its Personal!
First the basic definition of Spyware: It is a type... Read More
Computer Security
What is computer security? Computer security is the process of... Read More
Top Five Online Scams
The top five online scams on the Internet hit nearly... Read More
3 Simple Steps to Stay Safe from Spyware
There are several basic concepts to keep in mind when... Read More
Wireless Network Security
Working from home has its advantages, including no commute, a... Read More
Are They Watching You Online?
When surfing the Internet you probably take your anonymity for... Read More
Password Security and Safety
There is nothing more important that password security in world... Read More
Internet Privacy
Over the past few years as the internet has become... Read More
Top Spyware Removers Considerations
Only the top spyware removers are successful at detecting and... Read More
The Never Ending Spyware Story
It's been with us since 1993, it's gotten more intrusive,... Read More
3 Pervasive Phishing Scams
Scams involving email continue to plague consumers across America, indeed... Read More
Securing Your Accounts With Well-Crafted Passwords
In the past I've never really paid much attention to... Read More
How To Give Away Your Personal Information
Identity Theft and Your Personal Information Identity theft is... Read More
Delete Cookies: New-Age Diet or Common Sense Internet Security?
No, this article isn't about some new, lose-20-pounds-in-a-week, certified-by-some-tan-Southern-California-doctor diet.... Read More
Breaking Into Your PC: News...
You'd better learn news from media, not from emails, security... Read More
SCAMS ? Be Aware ? And Report When Necessary
The Internet is a vast International Network of people and... Read More
I Spy...Something Terribly Wrong (In Your Computer)
This really chapped my lips...I recently bought a new computer.... Read More
From Spyware with Love!
It's late. You've been scouring the web for that perfect... Read More
How To Clean the Spies In Your Computer?
Manual Spy Bot Removal > BookedSpaceBookedSpace is an Internet Explorer... Read More
8 Surefire Ways to Spot an E-Mail Identity Theft Scam!
The E-Mail Identity Theft Scam is running Rampant. These E-Mail... Read More
Viruses, Trojans, and Spyware - Oh My!
Have you ever had to call Symantec or McAfee to... Read More
Hacking the Body Via PDA Wireless Device
First I would like to stress I am condoning the... Read More
Personal Firewalls - Secure Your Computer
There has not been a time in the history of... Read More
Web Browsing - Collected Information
You may not realize it, but as you are surfing... Read More
Be Alert! Others Can Catch Your Money Easily!
So called phishers try to catch the information about the... Read More
Why you Must Secure your Digital Product and Thank You Web Page
A couple of years back, I paid my dues the... Read More
Is the Internet Insecure Because of You?
Long gone are the days that we could feel secure... Read More
Spyware, What It Is, What It Does, And How To Stop It
Spyware is software that runs on a personal computer without... Read More
Remove Rogue Desktop Icons Created By Spyware
If you have used a Windows machine for a while,... Read More
File Sharing - What You Need to Know!
File sharing on p2p is soaring despite the music and... Read More
Phishing-Based Scams: A Couple of New Ones
Phishing in its "classic" variant is relatively well-known. Actually, 43.4... Read More
Hacking Threats and Protective Security
The 1998 Data Protection Act was not an extension to,... Read More
Eliminate Adware and Spyware
Everyone should eliminate spyware and adware from your hard drive... Read More
Internet Security |