Security
Social Engineering
"Social Engineering" sounds ominous. What does it mean? Social Engineering is essentially "people hacking".
According to SANS Institute, "Social Engineering is the acquisition of sensitive information or inappropriate access privileges by an outsider, based upon the building of inappropriate trust relationships with insiders. It is the art of manipulating people into actions they would not normally take. The goal of a Social Engineer is to trick someone into providing valuable information or access to that information. It preys on qualities of human nature, such as the desire to be helpful, the tendency to trust people and the fear of getting into trouble. The sign of a truly successful Social Engineer is they receive the information without raising any suspicion as to what they are doing.
-Social Engineering: Policies and Education a Must. Rick Tims. SANS Institute.
We can fight Social Engineering by following some common sense guidelines:
- Don't give your passwords away to anyone.
- Don't reuse your passwords when going online for business or personal matters.
- Don't have confidential conversations in public settings.
- Shred sensitive information before throwing it in the recycle bin.
- Show caution when opening email attachments.
- Don't respond to or forward unsolicited email advertisements, chain letters, and hoaxes.
- Password-protect your email account.
- Log out of sensitive programs when you walk away from your computer.
- Turn your computer off when it is not in use.