Because social engineering is such an effective way to attack information systems, and companies have so many ways to interact with those systems, new social engineering attack vectors become possible every day. Think of how many ways you communicate online.
There are all kinds of social media available to you and your employees. You've got Twitter, LinkedIn, Facebook, Instagram, Google+, YouTube, Yammer, and the list goes on. Then there are all kinds of corporate tools like Skype, Dropbox, Outlook, Microsoft Teams, Basecamp, and so on. You text, use WhatsApp and cameras, and read from e-readers.
There are methods to protect yourself and your business and so prevent advanced social engineering attacks. You should be changing passwords frequently, but that's not a wide enough security measure to keep things safe. (We've already seen that passwords are basically useless, but no worries, we can help you there too with our Endpoint Security Broker solution.)
Some of the big questions to ask in order to prevent social engineering attacks are: Who’s listening? And who’s watching? Furthermore, how do you find that out?
A social media policy should be created for the social media account manager, the blog editors, or the marketing department, who create and send public collateral. Take a look at some of the points in these corporate social media policies:
However great these examples are, the buck doesn’t stop here. Check out this infographic to learn about other ways to help your organization stay safe.
Any employee who elects to use personal social platforms should be held responsible for messages they send publicly or privately.
Most end users within your company should also be operating under the principle of least privilege (PoLP). This practice gives them the access they need on their machine, nothing more and nothing less. There are very few people within an organization who need Admin rights. Those rights sit with the SecOps and Ops teams. Everyone else should have PoLP in place to decrease the risk of user error.
Controlled Choice is the practice of offering end users a set of options for one piece of software. For example, your company may offer two different ways to listen to music, iTunes or VLC Player, and that's it. Downloading another type of MP3 player would be a violation of the terms your company has set up, opening the way for vulnerabilities to be exploited.
By enforcing social media policy, giving end users least privilege, and setting up Controlled Choice, you are helping your business prevent social engineering attacks.