Social engineering awareness training

Social engineering awareness training - Protection against data attacks using psychological methods

As part of social engineering awareness training we answer the question of "What is social engineering?" and point out methods that you can use to resist a social engineering attack. No employee is too insignificant to be part of an attack of this nature; no security system is so thorough that it can resist psychological tricks. Awareness is the best weapon in the battle against social manipulation.

What is social engineering?

Social engineering is the targeted psychological manipulation of employees who have access to sensitive company information. During a social engineering attack, criminals spare no expense to identify suitable candidates and ways to win their trust. Their targets can be anyone: from managers through to a cleaning lady with access to the data centre.
Attackers make contact with the victim and use information gleaned from the victim’s social environment to appear credible and earnest. This could be a call from an old school friend, or an email from a colleague from the company’s branch office, apparently looking for assistance. Often the methods used during the attack are so subtle that the victim does not even realise that he or she has been targeted. However, once the victim has released apparently harmless information, sensitive company information is there for the taking.

How to counteract a social engineering attack

Awareness is the most important weapon in the battle against social engineering. From managers down to trainees, it is important to be aware of the common methods used when contact is made maliciously. Potential targets should be identified, and then made aware of this type of cyber espionage. In general, you can help to prevent social attacks by making the entire company aware of the methods of social manipulation.

In addition, it can be useful to make it harder for attackers to access sensitive information. This includes information on responsibilities for critical areas, as well as avoiding “password recycling”, where employees use the same password for various (often private) networks.

RiskWorkers’ seminars

We prepare your company to fight social attacks. We instruct groups of up to 12 participants in how to identify potential targets within the company. Participants learn the techniques used by attackers to make contact with their targets, and how manipulation takes place via targeted communication and “cold reading”. As part of the seminar, RiskWorkers will point out possibilities to protect oneself on a personal and structural level.

As social engineering affects everyone who has contact with a company, the seminars take a broad approach, applying to employees and relatives through to external reception staff. You can choose whether to offer the seminar in-house or as a training session at a location of your choice. Seminars generally take place from 9 am to 5 pm, but we can also be flexible in this regard.

Contact us today and we can immediately help your company to combat the risks of social manipulation.