Protection Against Social Engineering

Updating security network and preventing data theft - anti-virus software, firewalls,

and email and spam filters - is no doubt important. However, focus should be on the

human element when it comes to social engineering. Education of your staff, teachers,

students, etc. is your first line of defence against social engineering attacks. Organisa-

tions should increase security awareness among all employees by providing compre-

hensive training programs so that they are not tricked into revealing sensitive informa-

tion.

Below are some tips that would help protect against attacks:

Security experts recommend the implement of social engineering penetration tests to

help administrators identify assets most-at-risk and types of attacks. This would help

provide focused security training to specific employees.

1. For any unrequested email you receive, make sure it came from a trusted

source, even if it is from what looks like a trusted company you deal with. For

example, you could check their phone number.

2. Before you click on that link or open/download attachment, make sure it is

safe even if it comes from a sender you trust because it could be a Trojan. Call

the phone number and ask about the attachment.

3. Never reply to unsolicited email messages with confidential or financial infor-

mation. Remember legitimate organisations and companies do not contact

you to provide help unless you request it.

4. Write policies or review existing ones related to outgoing transactions and

make sure they are followed.

Author: Mariam Al Mahrooqi

13 |

July 2018

DoIT Newsletter