You may have heard the term “social engineering” before. Social engineering refers to a form of attack tactic where an external party uses deception to mislead or manipulate an employee into revealing sensitive information, such as login details or account information. This creates security issues for their employers, especially in cases where passwords and other security sensitive data is divulged.
Social engineering attacks are a massive problem for both employee privacy and the business as a whole. It’s important to remember that the weakest link in your organization’s security is usually the people who work there, both the new hires and the veterans of the company. While companies are able to safeguard their customer information by investing significant resources into IT security and related technologies, their employees do not always take similar precautions with their own workstations and login details. Employers gather a great deal of personal data from their employees, and with this much data available for the gathering, many different approaches can lead to the same end result.
Employee privacy breaches can cause significant harm to a business (and to the employee’s own personal security) in ways that are both financial and reputational, leading to a loss of clients and future business. And if an employee’s personal data falls into malicious hands due to improper training or flawed technical infrastructure from the company, the employee is likely to leave disgruntled and pass this information along to friends and colleagues, causing further damage to the company’s reputation.
This is why it’s always a good idea for you to familiarize yourself with some of the most common social engineering tactics: by knowing what form the attacks take, you can better protect the privacy of your employees and, by extension, your customers.
Employee Privacy and Common-Sense Security
In this context, (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Graeme Messina. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/esQfD-xCRuk/