Computer Forensics

BS7799 - Security Audits

Penetration Testing

Social Engineering

If I wanted to find out your user name and password could I do it? If I call you and say ‘Hi I’m John, can I have your password please?’ you would likely say ‘No’. However, rather frighteningly a street survey by Infosec Europe in 2004 managed to get 70% of people questioned to give up their password in exchange for a bar of chocolate. (If you don’t believe me check the link - http://news.bbc.co.uk/1/hi/technology/3639679.stm).
This is a little worrying; your company’s’ carefully thought through password policies undermined by a light snack. This indicates that often people are prepared to give up confidential information if they think that the person they are talking to has no nefarious intent.

This is a problem and you need to ask yourself some searching questions:-

• Do I have policies and training in place for staff to follow for sharing internal information? This is an issue in many companies as it is not immediately clear who is in charge of such a policy. It is security, but not an explicit IT problem; it is an HR issue but not usually in their remit either.
  
• Are my staff aware of the risks of giving away information? It may be logical to most staff what information is deemed confidential but seemingly innocuous requests can be used by an attacker to create the illusion of pretending to be a staff member in a future call.
  
• I’ve spent thousands on perimeter security such as a Firewall but how much have I spent protecting against the scammer on the phone?

CSITech can provide face to face or e-training for your staff to ensure that they are fully equipped to deal with this key threat to your business

home  l  about us  l  news  l  contact us