Computer Security - Preventing Social Engineering Attacks

 


Visitors: 428

Social Engineering in its basic form is hacker talk for manipulating computer users out of their username and password. Social engineering really goes beyond just usernames and passwords. A well planned social engineering attack can destroy companies. All of the most devastating information thefts have used some sort of social engineering attack. Social engineering is so effective because computer admins and security experts spend all their time patching systems and not training employees about information security. Information security goes beyond patching computers, it is a combination of physical security, computer/network policy and employee training.

This article will describe many of the common security flaws that information thieves take advantage off and how you can prevent them.

1. Web sites Information – Company web sites are the best place to start when gathering information. Often a company will post all their employees names, email addresses, positions and phone numbers for everyone to see. You want to limit the number of employees and phone numbers listed on a web site. Also, live active links to employee email addresses should be avoided. A common mistake is a company’s email user name will be the same as their network logon, example: email address of jsmith@nocompany.com has a user name of jsmith for the network with the same password for email and the network.

2. Phone Scams – Scamming someone on a phone is very simple. Company employees need to be trained to be courteous but cautious when giving callers information over the phone. One hacking scam is a hacker will call a company posing as computer salesmen. The salesmen will ask the secretary what type of computers they have, do they have a wireless network and what type of operating systems they run. Hackers can use this information to plan their attack on the network. Train your employees to refer any IT related questions to Tech Support.

3. Outside Contractors – Outside contractors should have a security liaison to monitor their activities. Security liaisons should be briefed on what work the contractor is hired to perform, area of operation, identity of contractor and if the contractor will be removing items from the work site.

4. Dumpster Diving – The easiest way to get information about anyone is to go through their trash. Shredders should be used in all cases or shredding services should be hired. Also, the Dumpster should be in a secure location and under surveillance.

5. Secretaries – They are your first line of defense, train them to not let anyone into your building unless they are for certain whom they are. Security cameras should be place in the main entrance way and also on the outside of the building. A thief who is probing your network will test to see if he is challenged upon entering the building, cameras can help identify patterns and suspicious people.

6. NO PASSWORDS – Make it company policy that the tech department will never call you or email you asking for your username or password. If somebody does call and ask for a password or username red flags will go up every where.

7. LOG OFF – Social Engineering attacks get the hacker into the building and they will usually find many workstations where the user hasn’t logged off. Make it company policy that all users must log off their workstations every time they leave it. If the policy is not followed then the employee should be written up or docked pay. Don’t make a hacker’s job any easier than it already is.

8. Training – Information security training is a must for any size company. Information security is a layered approach that starts with the physical structure of the building down to how each work station is configured. The more layers your security plan has the harder it is for an information thief to accomplish his mission.

Sign up for the most popular wireless networking news letter on the internet. Simple and Secure http://www.wirelessninja.com

(698)

Article Source:


 
Rate this Article: 
 
3 Tips on Preventing Panic Attacks
Rated 4 / 5
based on 5 votes
ArticleSlash

Related Articles:

Secrecy A Security Deterrent To Social Engineering

by: Christopher Okoh (November 25, 2005) 
(Internet and Businesses Online/Security)

Social Security Number Search – How to Find People by Social Security Numbers

by: Kirk Randolph (March 06, 2007) 
(Legal)

Understand social security benefits and maximize your social security income

by: Frank Wilson (August 22, 2011) 
(Insurance)

Maximize your social security benefits using a social security calculator

by: Frank Wilson (August 22, 2011) 
(Insurance)

Social Engineering

by: Neil Grogan (May 13, 2005) 
(Internet and Businesses Online/Security)

Preventing Panic Attacks

by: Melissa Leanne Davies (May 27, 2008) 
(Self Improvement/Stress Management)

Social Engineering: You Have Been A Victim

by: Darren Miller (March 18, 2005) 
(Internet and Businesses Online/Security)

Social Engineering and Pretexting

by: Brandon McVey (May 02, 2008) 
(Internet and Businesses Online/Security)

Preventing Panic Attacks Fear No More

by: Lynne Jones (July 09, 2008) 
(Health and Fitness/Anxiety)

3 Tips on Preventing Panic Attacks

by: Michael Porteous (May 30, 2008) 
(Self Improvement/Stress Management)