Skip to main content

Social Engineering

Network Security Icon

Social engineering is the simplest and most common way that cybercriminals gain access to confidential information. Hackers know it is much easier to convince a human to break the security rules they are asked to follow than it is a programmed firewall. The goal of Social Engineering testing is to train and educate employees to be the first line of defense.


Employ a variety of real-world techniques to mimic the way hackers are currently targeting organizations. Our offerings includes the following:

  • Phishing Assessment: SBS sends an email appearing to be from a legitimate source (e.g., core banking provider, internet service provider) and asks recipients to respond to the email. Recipients of the email are then directed to a website where they are asked to enter confidential information.
     
  • Telephone Impersonation: SBS calls the organization and tries to convince the customer representative into giving them confidential information by impersonating various entities.
     
  • Physical Impersonation: SBS physically goes inside the organization and identifies themselves as someone else (e.g. telephone repairman, system provider) as they try to access information by looking over people’s shoulders, looking at papers on employee’s desks, or by gaining physical access to systems.
     
  • Mobile Storage Device Misuse: SBS leaves a removable media device in the path of an employee. When an employee inserts the device into their workstation, a transmission is sent to the SBS office to advise them the media device had been inserted into the system.
     
  • Dumpster Diving: SBS will gather the trash from the organization’s dumpsters and search through it for confidential information.
     
  • Personalized Social Engineering Scenario: SBS will work with you to create a social engineering scenario unique to your institution.

 


✔ THE SBS ADVANTAGE

  • An SBS network security engineer with knowledge of your environment will execute your test and provide recommendations to mitigate the risks discovered.
  • Following your audit our experienced consultants are available to provide expert guidance to help determine the most important and appropriate steps needed in addressing results.
  • Easy-to-read, management-ready reports include testing results and recommendations to mitigate risks.
  • Automate your remediation action plan with complimentary access to the TRAC™ Action Tracking module.

     

    Testimonial Icon"FDIC examiner is here. He absolutely LOVES your stuff. He had not seen your network security and IT audit work before and has been praising you for the past two days!"  - Rhonda Stover, YNB