Social engineering is the term used to obtain information from people without them realising what is going on.

A recent exercise carried out by one of our clients was to invite by email, specially selected employees (although all employees received the invitation) to take part in an exciting new venture. All, they had top do was to go to a secure web-site and enter their company log on and password to verify their interest. The recipients were warned not to talk about this venture to any of their colleagues as the matter was highly secret.

This company (that I will not identify) is accredited to ISO27001 and takes security very seriously but many of the employees did enter this confidential information into the web-site believing that it was quite innocent.

On a completely different angle and with Valentines Day approaching the chances of unauthorised entry to your organisation increases.

A delivery of flowers or chocolates is made, usually by a pretty girl, and the idea is to surprise the recipient so the usual security at reception is waived.

Entry to the company is that easy.

Social engineering can damage your security

Labels: information security, ISO27001, social engineering