Your security is only as strong as the least prepared employee
The term “social engineering” has been used for years by hackers to describe the technique of using persuasion and/or deception to gain access to information systems. DataComm’s Social Engineering Service can root out and document potential areas of weakness. We will identify areas that need improvement, document compliance shortfalls pertinent to regulatory agencies, and assist you in developing security awareness training to fix the issue.
Our methodology mirrors our approach to security assessments. We begin with target identification and information gathering, followed by exploitation attempts. We systematically apply these principles in a customized approach which depends on the objectives of the particular situation. Some organizations may have incident response procedures in place to report suspicious phone calls. DataComm can test these procedures by making obvious attempts at gaining confidential information without proper authorization. This is an excellent way to test the effectiveness of a security awareness training program, or lay the foundation for creating an awareness program.
- Email – DataComm collects publicly available email addresses and tests the associated users by requesting sensitive information such as usernames and passwords be submitted via a spoofed website portal.
- Telephone – DataComm contacts users at multiple office locations and tests to see if they will disclose sensitive information such as IP Schemes and user information.
Detailed Reports with Recommended Solutions
- Review of existing documented policies & procedures
- Comparison of existing policies & procedures to industry standards
- Spot checks on the policies & procedures to measure compliance
- Review of security training & awareness initiatives
- Analysis of training vs. compliance