Friday, September 19, 2014

Who is really asking you for information?

2.6.6.14 Social Engineering
 
A social engineer is a person that will deceive or con others into divulging information that they wouldn’t normally share. It is one of the most commonly used methods of hacking. By building trust with their victims through deception and lies, a social engineer will try to get information that can be used later, usually for wrongdoing. If someone phones or appears and asks you for information that you know is confidential company, client or personal information, don’t be afraid to ask them a few questions yourself.

To protect data by phone
  • Ask for the correct spelling of the caller's name.
  • Ask for a number where you can return the call.
  • Ask why the information is needed.
  • Ask who has authorized the request and let the caller know that you will verify the authorization.

To protect data in person
  • Ask for some identification.
  • Ask who has authorized this request so you may verify the authorization.
  • If you are not authorized to provide that information, offer to locate the correct person.
  • Seek assistance if you are unsure.

The above excerpt was taken from MSMC's Office of Information Technology Policies and Procedures document. (Version 3.0, March 2013)
