Reinforce the chain
Employees are the first line of defense against social engineering schemes. It’s imperative that management provide them adequate tools to combat would-be scammers, including:
- Comprehensive policies and procedures that go beyond the obvious threats and address scenarios unique to the organization;
- Security awareness training that includes custom role-based training for positions most vulnerable to social engineering tactics;
- Systematic controls like a shared vendor/visitor tracking system that accounts for local vendors at remote branches; and
- Frequent reminders (e-mails, posters, tips of the week) to staff about the organization’s commitment to security.
The most advanced firewalls, intrusion detection systems, and video surveillance can’t offer much protection against social engineers who use unsuspecting employees to breach security and access sensitive information.
The best defense is well-trained and well-equipped employees who understand their role in protecting the interests of the organization.
Management must provide staff with the training, guidance, and tools to effectively combat this growing threat.