As worldwide experience of successful break-ins (successful for the attacker, of course) shows, most of the problems behind them are problems with people. To be more precise, the issue lies in people's ability to give away any information or to take a completely reckless action. Terms such as "phishing" and "social engineering" are often used in relation to these types of scams.
Social engineering is content that fraudulently gets users to carry out dangerous actions, such as disclosing confidential information or downloading a program. Phishing is by far one of the most common types of social engineering. In essence, phishing is hunting for access to the bank accounts of unsuspecting users. It is common in countries where online banking services are popular. Most often, "phishers" use fake emails supposedly sent by the bank, asking you to confirm your password or notifying you of a transfer of a large sum of money. By contrast, social engineering scams tend to be more focused and specifically targeted.
If you do not want to become another victim of social engineers, we recommend the following measures:
1. do not use the same password to access external and corporate resources;
2. do not open emails from untrusted sources;
3. lock your computer when you are not at your workplace;
4. install anti-virus;
5. read your company's privacy policy. All staff must be instructed on how to behave with visitors and what to do when they detect illegal entry;
6. discuss only the necessary information on the phone and in personal conversation;
7. delete all confidential documents from portable devices.
In addition to penetration testing, security training and refresher courses play a key role in deterring the more self-destructive tendencies that human weakness creates in enterprises. Training should take place at least twice a year and be structured for each user group (management, IT, the overall user base, etc.).