Social Engineering
People are often the weakest link in the security chain. The best security systems can easily be undermined by employees who are not aware of the risks.
Unaware employees are the weakest link in the chain.
The best firewalls. Two-step authentication. The best antivirus. The strongest password policy. All of these measures can be wiped out by employees who are unaware of security risks.
Investigate the security awareness of your employees.
Employees are often unaware of the security risk they can pose to your organization. A social engineering test gives you a clear insight into the awareness of your employees. This allows you to take measures such as awareness training or refreshing the presence of a security policy.
Test the effect of realistic Social Engineering scenarios
Employees who are not aware of the security risks are a weak link in the security of your organization. The best security mechanisms can be easily bypassed by unaware employees. Very effective and often the fastest route for an attacker.
Phishing
With a phishing attack, your employees are approached in large numbers by email or social media to open a rogue link or application to leave their login details. Gain insight into the dangers of phishing for your organisation and the actions of your employees.
Spear phishing
In spear phishing the attack is not blunderbuss, but focused on one person. It makes use of public information to creatively and sophisticated craft an attempt to extract information and infect systems.
USB sticks
Are your employees aware of the dangers of USB Flash Drives? Will a found USB flash drive be plugged into company systems? By leaving malicious USB flash drives in and around your organization, it is effectively demonstrated what the consequences can be.
Vishing
Voice phishing (Vishing) is an effective method of trying to get information from employees over the phone. Does your IT department just reset passwords as a result of a phone call? Do your employees disclose sensitive company data or even their log-in details?
Mystery Guest
With a Mystery Guest, the aim is to creatively gain physical access to your premises and servers. How do your employees deal with people who do not belong in your building? Do your employees just disclose passwords when they are approached and are computers locked?
More about Mystery GuestPenetration test
Social engineering can be integrated with a penetration test. This way, not only statistics will show that employees have been trapped, but our Ethical Hackers will try to gain direct access to your network and systems through malware combined with Social Engineering.
More about a penetration testWeerbaar blijven tegen Social Engineering
Social engineering is done in a creative way and prevention lies mainly in a continuous awareness among employees and the right response and detection mechanisms when an attack is successful.
- Are your employees aware of security?
- Can you monitor malicious activity such as phishing mails?
- What are the actions when social engineering is discovered?
- Are you able to find the cause if things go wrong?