Social engineering is the process of obtaining information from others under false pretences. It is based upon building an inappropriate trust relationship and can be used against employees, particularly those within organisations where sensitive assets or information are held. For example, it could be an attempt by an unauthorised individual to gain entry to a site, to gain access to an organisation’s secure IT systems, or to persuade someone to share some protected information, using a bogus pretext.
NPSA has produced guidance - Social Engineering Guidance for Employers: Understanding the Threat - to advise security managers about the threat of social engineering and the steps they can take to mitigate it. NPSA has also created a complementary campaign, 'Be Savvy about the Social Engineer', to help organisations educate their employees about social engineering.
Hostile actors use a range of tactics and techniques which are evolving all the time. However, organisations can help to reduce their vulnerability to a social engineering attack by educating their staff to:
The campaign aims to raise awareness about what social engineering is, what an approach might look like, and how staff can better protect themselves against this type of threat.
This NPSA campaign addresses these six key issues: