Locked Preventing social engineering

[dEEpEst]

Preventing social engineering

There are a number of strategies companies can take to prevent social engineering attacks, including the following:

- Make sure information technology departments are regularly carrying out penetration testing that uses social engineering techniques. This will help administrators learn which types of users pose the most risk for specific types of attacks, while also identifying which employees require additional training.

- Start a security awareness training program, which can go a long way toward preventing social engineering attacks. If users know what social engineering attacks look like, they will be less likely to become victims.

- Implement secure email and web gateways to scan emails for malicious links and filter them out, thus reducing the likelihood that a staff member will click on one.

- Keep antimalware and antivirus software up to date to help prevent malware in phishing emails from installing itself.

- Stay up to date with software and firmware patches on endpoints.

- Keep track of staff members who handle sensitive information, and enable advanced authentication measures for them.

- Implement 2FA to access key accounts, e.g., a confirmation code via text message or voice recognition.

- Ensure employees don't reuse the same passwords for personal and work accounts. If a hacker perpetrating a social engineering attack gets the password for an employee's social media account, the hacker could also gain access to the employee's work accounts.

- Implement spam filters to determine which emails are likely to be spam. A spam filter might have a blacklist of suspicious Internet Protocol addresses or sender IDs, or they might detect suspicious files or links, as well as analyze the content of emails to determine which may be fake.