Learn how to defend against social engineering. Lisa Bock stresses how a successful defense requires effective information security policies, standards, and user education. Best practices include knowing who is on the phone, knowing who is in your building, knowing your employees, using strong passwords, and employing browser and webpage security.
- [Voiceover] Defending against social engineering in an organization is difficult. We cannot defend using hardware and software alone. Therefore, a successful defense requires effective information security policies, standards, and education. There are some best practices. Know who is on the line. Use caller ID for all calls and if possible, use a separate ringtone for inside calls. Hesitate before transferring an outside call. Hackers use social engineering to navigate a company and learn the names of key employees.
Take down the name and the number and forward the message to the appropriate person. Create help desk procedures, so employees know how to verify someone on the other line. Know who's in your building. Allow only authorized individuals to roam freely about the building. Provide an escort if possible. Any service people must show appropriate identification. Train receptionists to make a phone call when unsure, especially when requesting forbidden information or access.
Know your employees. While in the building, have employees wear…
In this course, cybersecurity expert Lisa Bock discusses the methods a hacker might use, including embedding malicious links and attachments in emails and using mobile devices and social media to deploy an attack. She discusses the concept of "misuse of trust"—how hackers use charm, power, and influence to penetrate an organization—and why you need to be extra cautious with the disgruntled employee. Finally, Lisa discusses countermeasures security professionals can take to address these attacks.
Note: This course maps to the Social Engineering competency of the Certified Ethical Hacking exam. Review the exam objectives at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Visualizing the victim
- Recognizing an attack
- Using charm, power, and influence
- Manipulating with social media
- Preventing insider attacks
- Stealing identities
- Pen testing with social engineering
- Taking countermeasures