
On-Site Social Engineering

Social engineering testing measures your employees’ security awareness when they are confronted with an unauthorized third party attempting to manipulate them into disclosing confidential information. Such tests provide insight into how effective your organization’s policies and procedures are at mitigating social engineering threats, how well employees adhere to established policies and procedures, and the level of security awareness that exists among employees.

Our method

Expert information security analysts who have conducted social engineering engagements for companies across a wide range of industries evaluate the human factor, identify security issues that need improvement, and document compliance shortfalls.

We have designed both onsite and remote test methods. When onsite, our experts use various techniques, such as “Trusted Authority” disguises, to gain physical access to obtain records, files, and/or equipment that may contain confidential information. When performed remotely, our experts employ tactics, such as pretext calling, phishing and email hoaxes, that attempt to get employees to divulge usernames, passwords, protected information or other confidential information.

Our services include:

  • Pre-engagement setup with client (includes project planning, scope, defining rules of engagement, information gathering)
  • Spoof emailing (if applicable)
  • On-site testing for:
    – Employee security and privacy policy awareness and adherence
    – Proper disposal of sensitive data
    – Access privileges
    – Sensitive area security
    – Device/system compromise
    – Violation reporting
  • Presentation of preliminary findings to the client core team through an exit interview