Social Engineering Testing
Evaluating employee security awareness and adherence to policy
While many people equate the terms “data breach” and “security incident” with hackers who break through our cyber defenses with malicious technical attacks, those of us in the security business know that very often the weakest link in our organization’s security posture is the “people factor.” Social Engineering is a collection of techniques for intentionally manipulating people into providing inappropriate access to sensitive or exploitable information, information systems, or workspaces.
Your greatest security threat may be human nature itself
The event may be a completely non-technical form of intrusion or it may involve cutting-edge technology, but the key is that it depends on human interaction for success—or failure, depending on your perspective. Very frequently it involves tricking people into compromising normal security policies and procedures by exploiting the typical human desire to be friendly and helpful and to avoid confrontation.
To ensure that your organization has a robust and effective approach to information security, you simply must know how well your employees understand your policies and procedures—and adhere to them in real-life scenarios. Allied InfoSecurity’s Social Engineering Assessments deliver an objective evaluation of your employees’ awareness, training, and policy adherence. Through such an assessment you can:
- Understand the effectiveness of your employee security awareness initiatives
- Evaluate the completeness of your security policies and procedures
- Determine whether physical access can be gained to your facilities by a motivated intruder
- Determine whether such an intruder can gain access to sensitive work areas, documents, or information systems
Although we customize every engagement based on each client’s unique concerns and infrastructure, Social Engineering Assessments often include both external and internal reviews. Typical elements of a Social Engineering Assessment can include:
- Remote Data Leakage Analysis and on-site Reconnaissance
- “Dumpster Diving” and sensitive document handling and disposal tests
- Facility Penetration Tests
- Employee Email and Telephone “Phishing” tests
- Found and Implanted Device tests
- Other elements: desk-checks, visitor check-in and escorting, security guard effectiveness, etc.
As part of each assessment, Allied InfoSecurity delivers a detailed report outlining your strengths and weaknesses. Perhaps most importantly, every Allied InfoSecurity report contains actionable recommendations for resolving each issue.
To learn more about how social engineering can impact your security, download our article: Social Engineering Assessments: Evaluating employee awareness and training.
To discuss how to best identify your organization’s social engineering vulnerabilities and assess employee adherence to security policy, contact us at firstname.lastname@example.org, or call 866.240.0094.