Threats to the security of your organization cannot only come from malware, hacks, and network attacks, but also in more subtle ways. One such method is called “social engineering”.
Be aware that hackers have another tool in their toolset that employs a particularly subtle, insidious way of compromising the security of your systems and network. Called social engineering, it’s the use of psychological tricks to deceive targets into revealing potentially compromising information about the systems in their organization. In practice, it can be as simple as a hacker calling an employee and asking subtle questions to gain information, or posing as someone trusted, perhaps as building maintenance, walking in the doors of an organization to directly gain access to systems—or even searching through the trash and refuse left behind by employees. The popularity of social networking has also increased the danger with the ease and convenience of creating connections to potentially trusting members of your organization.
However, there are some actions you can take to protect your business:
- Create a policy outlining the proper handling and sharing of information online as well as offline.
- Put systems and procedures in place to protect your systems if sensitive information does get out—such as the regular replacement of passwords.
- Educate your employees about the threat. You cannot solve a problem if your people do not know that a problem exists in the first place. Awareness can be your best defense.