2. Social Engineering
The lowest form of hacking by causing users to perform actions
or divulge confidential information.
1-855-AVENTIS | AventisSystems.com
4. Gaining access to a network by posing as someone with
authority
1-855-AVENTIS | AventisSystems.com
Impersonation
5. Gaining information by looking over someone’s shoulder
1-855-AVENTIS | AventisSystems.com
Shoulder Surfing
6. Gaining access to sensitive information on paper that has been
thrown away
1-855-AVENTIS | AventisSystems.com
Dumpster Diving
7. Attacker leaves a piece of media in a place to be found
Labels media with something intriguing
Someone plugs it in to see what is on it
Malware is immediately installed
1-855-AVENTIS | AventisSystems.com
Computer-Based: Baiting
8. Ensure employees are properly trained
Keep passwords private
Never write down passwords
Never open emails that are not verified
Never install unknown media
1-855-AVENTIS | AventisSystems.com
Ways to Protect Yourself
9. Let Us Help You
1-855-AVENTIS | AventisSystems.com
Advanced IT Services - Network & Security Solutions
● http://www.aventissystems.com/Network-and-Security-Solutions-s/8262.htm
Hover & Click
Did you know shoulder surfing and dumpster diving can lead to stolen passwords and data breaches?
In this webinar, ‘Don’t Fall Victim to Social Engineering Traps’ we share best practices to avoid such situations.
When people think of Information Security they often think of viruses, or a guy in a dark room hacking into their banking credentials. They rarely think about the social engineering aspect of intrusion until it’s too late. Social engineering comes in several forms, all of which are the lowest form of hacking by causing users to perform actions that divulge confidential information. There are many forms of social engineering, and we are going to discuss the primary threats companies face today.
Amber Interjection
This is a very important topic, Kyle. Where do we begin?
You’re right about its importance, Amber. Social engineering can involve human or computer-based traps. Human social engineering traps require person to person contact and include impersonation, shoulder surfing and dumpster diving.
Impersonation can be used to gain access to a network by posing as a repairman, IT support, manager or trusted third party like an auditor.
Impersonation tends to work well because it is human nature to trust people with credentials of authority.
On the other hand, someone who is shoulder surfing can gain sensitive or login information by simply looking over someone’s shoulder in a public place.
Dumpster diving can provide access to any sensitive information on paper such as account information on mail or passwords that have been written down.
Amber Interjection
That is scary to think about the intrusiveness of those human social engineering traps.
Exactly, Amber. Now, a common computer-based form of social engineering that can be tricky to identify is baiting. This is where the attacker creates a piece of media, such as a disk or USB flash drive, and leave it in a place it will likely be found like a sidewalk or elevator. Labeled with something intriguing that is related to the target company, an employee will pick it up and plug into their machine to see what is on the media. This is when the malware is installed into their machine. Once the autorun enables, the malware is installed, infecting the network.
Now that I’ve mentioned the most common types of social engineering, I want to share some quick best practices. It is very important to ensure that your employees are properly trained to do their part.
Keep all passwords private and never written down.
Never open emails that are not verified. Anything that looks suspect can be opened by someone else in a virtual environment to confirm its validity without compromising the network.
Never install unknown media. If something intriguing is found, even with a company logo, make sure that it is brought to someone's attention that can verify it’s authenticity prior to use.
Amber Wrap-up & Close
Thank you, Kyle, for these tips to avoid social engineering!
We want to point out the Advanced IT Services offered by Aventis Systems include security consulting services such as assessing social security threats as well as providing and implementing security best practices.
Make sure you sign up for our emails to receive product specials and keep up with our techie resources including webinars, blog articles, and more.
You can also stay up-to-date by following us on Facebook and Twitter @AventisSystems.