Social Engineering Readiness
What is Social Engineering
Social engineering attacks take place daily and are among the most successful ones in the security industry because they tend to bypass most security defences by exploiting the weakest link – the human element. Attackers often utilise phishing emails that aim to prompt corporate employees to click on a URL or sometimes call employees to tell them they are from an internal team (e.g. IT support) and they need their account credentials while another common way is to leave a removable drive (i.e. USB flash memory) in plain sight so employees will be tempted to plug it to their machines.
The best solution to prepare for any social engineering attack is to train your employees to be able to identify and avoid it. We can help you review the current level of social engineering awareness within your estate and then arrange training sessions and workshops in order to help mature it.
We run phishing campaigns which simulate an external attacker’s approach, without the malicious consequences. We can provide useful statistics in order to identify where your employees are lacking and what training is required to promote security awareness.
We can review the technical defences you have in place and enhance those to better protect your business in the event of social engineering attacks. Enhanced email filtering, acceptable use policies, removable media usage, data loss prevention mechanisms and security software updates (to recognise potential scam sites or suspicious IP addresses) are some of the aspects that can help you avoid a social engineering breach.