How-To Deal With Social Engineering Attacks
Let’s face it. There are not many better ways of getting insider information that by social engineering attacks. They can be as harmless as a person calling to ask for the name of the person running the technical support department - to as complex as entering the premise to take “spy” photos of equipment, personnel, and networking and server “closets”, all while asking important questions about the items that they see.
So How do We Protect Ourselves?
First off, never ever give a password out over the telephone. This is rule number one when it comes to social engineering attacks. Next, think twice before answering a question - maybe even defer the question to someone else and inform the party that another representative will contact them regarding their question.
The short and narrow is this. Any information given out may be used as part of a social engineering attack. It is really this simple. So it comes down to deciding what information the general public may have regarding your company or department. It is also critical that management be involved with this or unforeseen consequences of plan will find their way in.
What’s the Best Policy?
The best policy is to always say that information is regarded as a company asset and is not available to the general public.
Using this method, no information leaks should be possible; unless a slip occurs. While slips are frowned against, it is certainly better to keep all information about your business to yourself.