Engineering
Home Privacy Books Magazines Music DVD Posters Bid Shopping

Engineering

Engineering for Authors
Submit Articles
Member Login
Author Benefits
Article Guidelines
Author Terms

for Publishers
Publisher Terms
RSS Feed

Site Resources
Advertise on this site
About Us
Sitemap
Sponsorship

Social Engineering - The Real E-terrorism?

By: Rhona Aylward

Article Word Count: 412



One evening, during the graveyard shift, an AOL technical support operator took a call from a hacker. During the hour long conversation the hacker mentioned he had a car for sale. The technical support operator expressed an interest so the hacker sent him an e-mail with a photo of the car attached. When the operator opened the attachment it created a back door that opened a connection out of AOL's network, through the firewall, allowing the hacker full access to the entire internal network of AOL with very little effort on the hacker's part.

The above is a true story and it is an excellent example of one of the biggest threats to an organisation's security - social engineering. It has been described as people hacking and it generally means persuading someone inside a company to volunteer information or assistance.

Examples of techniques employed by hackers include:


  • Unobtrusively observing over your shoulder as you key in your password or PIN.

  • Calling helpdesks with questions or being overly friendly

  • Pretending to be someone in authority.


Social engineering attacks can have devastating consequences for the businesses involved. Accounts can be lost, sensitive information can be compromised, competitive advantage can be wiped out and reputation can be destroyed.

By implementing some simple techniques you can reduce the risk of your organisation becoming a victim or, in the event that you are targeted, keep the consequences to a minimum.


  • Make sure that all staff, especially non-IT staff, are aware of the risk of social engineering and what to do in the event of such an attack.

  • Conduct regular security awareness training so that all staff are kept up to date with security related issues.

  • Implement a formal incident reporting mechanism for all security related incidents to ensure there is a rapid response to any breaches.

  • Ensure that the company has security policies and procedures in place, that all staff are aware of them and that they are followed.

  • Put an information classification system in place to protect sensitive information.


Conduct regular audits, not only on IT systems but also on policies, procedures and personnel so that any potential weaknesses can be addressed as soon as possible.

Rhona Aylward has extensive experience in the area of Quality Management and more recently in Information Security Management. She is a qualified Lead Auditor for BS7799 and CEO for Alpha Squared Solutions Ltd.


www.a2solutions.co.uk


raylward@a2solutions.co.uk



Article Source: Engineering Guide
This article has been viewed 85 times.
Add to Del.icio.us | Digg | Furl

Other recent articles in the Engineering category:

Most viewed articles in the Engineering category:

  1. Insurance And The Engineer
  2. Engineer-to-order Erp Leader Encompix Selected By Formglas
  3. Mechanical Engineering Design
  4. Visibility.net Covers Lean Initiative In The Engineer-to-order Environment
  5. What Is Reverse-engineering
  6. Social Engineering - The Real E-terrorism?
  7. Superultramodern Engineering (seng)
  8. Know-how Engineering Of Chromatography
  9. Big Sky Engineering Goes Live With Encompix Eto Erp
  10. The Role Of Cd Mastering Engineers
  11. Engineer-to-order Erp Now To Include Configurator
  12. Productivity Engineering
  13. Chemical Engineering - A Convincing Argument
  14. Engineer-to-order Manufacturers Competitive Strategies Revealed In Automation.com
  15. Encompix Engineer-to-order Enterprise Resource Planning Winning Praise By Gehring In Michigan

Please feel free to submit your quality, informative article for our readers.


Untitled Page