Social Engineering: A Psychological Hacking to Temper Medical Security - Proceedings of All India Seminar on Biomedical Engineering 2012 (AISOBE-2012)

Biomedical Engineering Reference

In-Depth Information

A Word of Caution

Consider how targeted individuals will react to being deceived. If you have to

work with them afterward, the good will you may lose could cost you. For this

reason, companies tend to err on the side of caution, often selecting impersonal

email-based scenarios in place of confrontations by phone or in person. You can

easily get into trouble without a written approval for the scenario from

your manager or client, and preferably from their manager as well. If you are a

consultant, you will be wise to seek a lawyer's perspective before accepting

the project.

Arm Yourself with Knowledge

Employees ARE your biggest security threat. Many employees are unaware that

certain actions are not safe. Others may know the actions are unsafe, but are

willing to take the chance to avoid what seems like a burdensome security pro-

cedure. These training courses do not stop at simply describing why certain actions

are unsafe. They also discuss how to detect and prevent future information

leakage.

Prevention from Social Engineering Attacks

The best combat strategy against social engineering is user awareness that these

attacks do happen. Examples of social engineering exploit:

• A confused and befuddled person will call a clerk and meekly request a pass-

word change.

• Seemingly powerful and hurried people, identifying themselves as executives,

will telephone a new system administrator and demand access to their account

IMMEDIATELY!

• At an airport, somebody will look over a shoulder (''shoulder surfing'') as

telephone credit card numbers or ATM PINs (sometimes even using binoculars

or camcorders) are keyed.

• A visitor, incognito, will watch as you enter a login-ID and password at your

keyboard.

• Somebody will call and confidently instruct a computer operator to type in a few

lines of instruction at the console.

• An attacker will sift through your paper trash (also known as ''dumpster div-

ing''), looking for clues to unlock your IT treasures or financial life.

• Here are some good practices:

Search WWH ::

Custom Search

Home