Business Memo free essay sample

With the advancement of technology in the work place, the opportunity for malicious users to infiltrate and corrupt your business increases. Knowing what types of methods these individuals are using will help you in developing preventative measures. Keeping employees informed of the ways to recognize and respond to social engineering techniques are important to an organizations overall information security program. The two types of social engineering threats business face are local and remote social engineering. Being able to recognize when someone is attempting to use a social engineering technique is critical. Far too many employees are unaware of the consequences that can follow by clicking an unknown link on an email as well as responding to random text messages via SMS. It is important for upper-level management and executives to provide training to employees to make them aware of possible social engineering attacks. Ensuring that employees understand what privileges they have on company information systems and the various methods attackers use can help mitigate future social engineering success. We will write a custom essay sample on Business Memo or any similar topic specifically for you Do Not WasteYour Time HIRE WRITER Only 13.90 / page Social engineering is a method of tricking users into divulging confidential information. One of the forms of social engineering is local engineering. More specifically, dumpster diving is a local social engineering method that requires the attacker to search through the organizations trash hoping to collect useful inside information. Some of the items that can be recovered by the malicious user are hard copies of documents, invoices, or a discarded computer device such as USB drives. One tactic for mitigating this threat is ensuring documents and data are properly destroyed before discarding. For example, using a paper shredder to destroy hard copies of documents before throwing them in the trash. Also, wiping hard drives clean before disposing of them ensures nothing can be retrieved should they be found. Another method of local social engineering is shoulder surfing. During shoulder surfing an attack observes an individual with the intent of gathering information. The malicious user can use anything from video cameras, binoculars, and even casually interacting with the clueless employee. The main tool used against shoulder surfing is employee awareness. When a company educates their employees on the possibility of shoulder surfing, the employees become more conscious of the threat. Being aware of this issue they can now take precautionary measures to prevent their information from being viewed. Along with local social engineering, remote social engineering has become a security threat as well. Advanced technology has allowed attackers the ability to threaten a business without the need of physically being located near the company. These attackers can target victims using email, inter and phone services. Phishing is a remote social engineering threat that uses misrepresentation as its form of contact to a user. Attackers attempt to trick a user into visiting a fake website and retrieving their credentials. They can now exploit that users information. Spam is another method used by attackers that send unwanted e-mail messages to users. These e-mails contain links that claim to provide reputable services or products. When the user clicks on the link, the attacker gains information through phishing or plants a virus through the users connection. Spam can also come through phone calls. Attackers call users claiming they have received an award or have been entered in a drawing for a prize. If the user trusts the caller they will provide the information requested and become susceptible to attack. This type of spam is called SPIT, or Spam over Internet Telephony. Again, the most effective way of preventing these attacks is through user education. Explaining the dangers of responding to unverified communication you have received can help employees become aware of the many threats on their information system. Having employees that are educated in the many forms of both local and remote social engineering will help prevent successful malicious attacks to your company.