Here are some warning signs Kevin Mitnick advises to look out for:
Someone making a request:
- Refuses to give you their contact information
- Makes an out-of-the-ordinary request
- Rushes what they claim is an "urgent" request
- Mirrors your interests and background
- Lays on too much flattery
- Intimidates by using authoritative commands from management
- Offers help with an unknown problem
- Claims the request has been approved by management
How to build resistance to manipulation:
- Demonstrate personal vulnerability (use role-play to show staff how social engineering techniques work on them)
- Train employees to focus on the nature of requests, not the context in which they are made
- Verify the identity of those making requests and their authority to do so
- Modify enterprise politeness norms
- Change attitudes toward information: protecting versus sharing
- Educate personnel why security protocols are critical
- Provide employees with stress management and assertiveness training
How to respond to incidents:
- Know when you've had one!
- Train employees to properly document suspicious events
- Issue security alerts when suspicious activity is noticed
Thwarting social engineering attacks:
- Define security policies and procedures
- Conduct security awareness training
- Get a social engineering penetration test
- Do some periodic dumpster diving
- Classify data and handling practices
- Implement a clean-desk policy; otherwise people leave too much information lying around in plain view!
This article was first published in Technology & Business magazine.

Hello,
This is part of my research. I would like to write a thesis in computer security, specializing in Social Engineering. Could you provide me with some examples of good titles?
Thanks in advance,
Christian