The Social Engineering Threat

May 06 09 - 6:58PM
Gareth Jenkins, Head of Development Technology

The BBC News website recently ran a good article on the threat of social engineering attacks to companies.  Social engineering is the act of manipulating people into performing actions or divulging confidential information, and is regularly used by hackers these days as an (often easier) way to get access to logins and sensitive data.  The most common example scenario involves someone posing as an IT support engineer calling up an employee, saying that they are investigating a problem with the employee's account and need login details in order to sort it out.  A worrying number of people will readily give out their details in such circumstances.

This route to gaining logins and access is often seen as easier than resorting to technical attacks and traditional hacking by finding system weaknesses - it's been recognised that the weakest link in many security systems is now the employees/users.

As with many aspects of security in the digital age, education is the key.  Staff should be made aware that this kind of attack is becoming more commonplace and should keep themselves alert to the threat.  It may well be worth looking at your internal processes for such things as password resets and forgotten password requests, and also ensuring employees know not to give away login details unless they are 100% sure they know exactly who they are talking to.

In another example of social engineering outlined in the article, a consultant testing a company's security measures had the (key swipe locked) door held open for him by the Managing Director, enabling him to wander unchecked around the office gathering data and copying sensitive documents.  Whilst holding a door open for someone seems a natural act of politeness, it needs to be borne in mind that the person may have nothing to do with your organisation and may be there for nefarious purposes.  Banks and many large organisations deal with this kind of threat by having complex single-entry door systems and security guards, but few smaller organisations can afford this.

All in all, the article is well worth a read, and it is worth taking a look at your own organisation to ensure you are minimizing your risks.

http://news.bbc.co.uk/1/hi/technology/7843206.stm