The following security recommendations list prescriptive measures that should be implemented to prevent future intrusions and security breaches carried out through social engineering techniques.
1. Establish Security Policies - Social engineering attacks can have two different aspects: the physical aspect, or the location of the attack (such as in the workplace, over the phone, dumpster diving, or online), and the psychological aspect, which refers to the manner in which the attack is carried out (such as persuasion, impersonation, ingratiation, conformity, and friendliness). Combat strategies, therefore, require action on both the physical and psychological levels. Employee training is essential. The mistake many corporations make is to plan only for attacks on the physical side, which leaves them wide open from the social-psychological angle. So to begin, management must understand the importance of developing and implementing well-rounded security policies and procedures. Employees must be well trained in order to follow the policies and make them work. Management should be willing to reprimand and/or punish employees who regularly break security policies.
2. Suspicious Emails - Instruct all users never to answer or reply to a suspicious-looking email. These can include emails from unknown sources that request bank account information for whatever reason, or claims of phony lottery prizes or free merchandise given away by clicking on URL links. If you cannot verify the identity of the sender and the topic is not something relating to you, it is recommended that those emails be deleted to prevent malicious code from being downloaded to the computer.
3. Preventing Dumpster Diving - Dumpster diving is a social engineering technique that consists of looking through the intended victim's trash in order to find important personal information such as bank account and credit card numbers, social...