Social engineering is a collection of techniques
used to manipulate people into performing
actions or divulging confidential information.
In many instances unauthorized individuals use
social engineering to trick your users into
clicking on links in e-mail messages, visiting
fake websites, downloading and installing
software, and divulging sensitive or personally
identifiable information. In a business
environment, social networks can be used to share
information with customers, staff, suppliers,
business contacts, investors, etc. Sales and
marketing personnel can use social networks to
communicate with customers and prospects and
become a resource for them. Because
communication is performed electronically,
hackers can pose as someone else on a social
network to entice users to perform actions,
disclose trade secrets, click on links to sites
with malware, etc.
Social Engineering
Users have a responsibility to help protect
sensitive and proprietary information. With
sufficient security education and awareness
training, they are your front line of defense.
Security mechanisms can include:
- Security training - users should receive
periodic security education about the types
of risks they face and the impact on the
organization.
- Spam filters - filters can ensure fake
messages never even reach the user.
- Firewalls - firewalls can limit and
restrict user access to websites.
- Protection software - anti-malware
software helps protect users from known
viruses, worms, Trojan Horse programs,
spyware, and other related threats.
Social Networking
Social network policies and procedures should
require settings that protect users and the
organization from Internet threats. The examples
listed below show how to protect users from
social networking related threats.
- Visibility - change the default setting
to restrict access to a user's profile.
Change access to just friends.
- Contacts - configure the settings to
ensure that friends are not shown on the
user profile page.
- Applications - uncheck the "enable public
search results" setting. This helps ensure
that search engines don't have access to
postings.
- Photos - without the proper
restrictions, tagged photos can be seen by
others. Configure the privacy settings to
restrict access to photos.
- Postings - develop a procedure to
monitor staff postings to ensure that
organization-sensitive information is not
disclosed on social networking sites. Tools
can collect and analyze information found on
thousands of social networking pages.
Network security audits help ensure the
organization's assets have the proper security
controls in place. Social engineering security
assessments help protect your sensitive data and
intellectual property by evaluating and testing
the effectiveness of your employee security
education and awareness training. Formal and
documented policies ensure a top-down approach
to managing security risks.