Social Engineering in its basic form is hacker talk for manipulating computer users out of their username and password. Social engineering really goes beyond just usernames and passwords. A well-planned social engineering attack can destroy companies. All of the most devastating information thefts have used some sort of social engineering attack. Social engineering is so effective because computer admins and security experts spend all their time patching systems and not training employees about information security. Information security goes beyond patching computers; it is a combination of physical security, computer network policy and employee training.

This article will describe many of the common security flaws that information thieves take advantage of and how you can prevent them.

1. Web Site Information - Company web sites are the best place to start when gathering information. Often a company will post all their employees' names, email addresses, positions and phone numbers for everyone to see. You want to limit the number of employees and phone numbers listed on a web site. Also, live active links to employee email addresses should be avoided. A common mistake is for a company's email user name to be the same as the network logon, example: email address of has a user name of jsmith for the network, with the same password for email and the network.

2. Phone Scams - Scamming someone on a phone is very simple. Company employees need to be trained to be courteous but cautious when giving callers information over the phone. In one scam, a hacker calls a company posing as a computer salesman. The salesman asks the secretary what type of computers they have, whether they have a wireless network and what type of operating systems they run. Hackers can use this information to plan their attack on the network. Train your employees to refer any IT-related questions to Tech Support.

3. Outside Contractors - Outside contractors should have a security liaison to monitor their activities. Security liaisons should be briefed on what work the contractor is hired to perform, the area of operation, the identity of the contractor and whether the contractor will be removing items from the work site.

4. Dumpster Diving - The easiest way to get information about anyone is to go through their trash. Shredders should be used in all cases, or shredding services should be hired. Also, the Dumpster should be in a secure location and under surveillance.

5. Secretaries - They are your first line of defense. Train them not to let anyone into your building unless they are certain who that person is. Security cameras should be placed in the main entranceway and also on the outside of the building. A thief who is probing your network will test to see if he is challenged upon entering the building; cameras can help identify patterns and suspicious people.

6. NO PASSWORDS - Make it company policy that the tech department will never call you or email you asking for your username or password. If somebody does call and ask for a password or username, red flags will go up everywhere.

7. LOG OFF - Social Engineering attacks get the hacker into the building, and they will usually find many workstations where the user hasn't logged off. Make it company policy that all users must log off their workstations every time they leave them. If the policy is not followed, then the employee should be written up or docked pay. Don't make a hacker's job any easier than it already is.

8. Training - Information security training is a must for any size company. Information security is a layered approach that starts with the physical structure of the building and goes down to how each workstation is configured. The more layers your security plan has, the harder it is for an information thief to accomplish his mission.