As a follow up to Security Awareness Training, I challenge you to do some Social Engineering tests!
Social engineering can be done remotely, using telephone and carefully crafted email messages to try to coerce the employee to provide information they should not be providing. Giving away sensitive information, passwords, clicking on an email and unknowingly downloading malware are pretty much red flags.
On-site social engineering uses techniques to gain physical access to office locations, and once inside, to find information physcially displayed, gain access to a network, or locations normally considered to be off-limits.
Some organizations regularly are testing their employees through email campaigns to see if anyone takes the bait. It may seem a bit harsh, testing your own employees’ security awareness, but it’s a fact these days that it’s best if you find out if further training is needed, before the bad guys beat you to it.
Sr. Account Executive