Social Engineering

Have you ever been curious as to why people arrange their desks so that no one can get behind them, or fit a film over their monitors so that passersby can’t see the screen? It’s not just because they want to keep their coworkers or their bosses from seeing what they are doing or not doing. We live in a world where information is a controlling force. Everyone has so much information on their computers and other devices that we need to take steps to protect it. By shielding your monitor(s) from other people, you reduce the risk of “shoulder surfing.” This is a method where people look over your shoulder, either physically or with a camera, in hopes of getting your password, PIN or other important information.

That’s not the only way that hackers and other thieves can gain access to your digital world. Some thieves will take it a step further and impersonate legitimate personnel. This could be as simple as a phone call from someone pretending to be part of your IT help desk. They will have a conversation that sounds legitimate and then at some point ask for your username and password. They could also impersonate a technician in an effort to gain access to the server room.

Employees should ask the right questions to verify that the people trying to gain access to server rooms or passwords legitimately need that access. Very seldom will an IT person need your credentials to work on your system. Generally, your IT department has tools to remotely access your system with your permission. Don’t be fooled by people asking for access.

Whether people casually ask you about your work, send you free USB drives, send official-looking emails, or show official-looking credentials, you shouldn’t give your credentials to anyone. Regardless of whether you are the janitor or the CEO of the company, if you give out your credentials, a skilled hacker can use them to gain access more easily. Always use a password that is complex (using numbers, capital letters, and symbols) and easy for you to remember. Never write down your password and leave it where someone can find it. Your passwords should be changed at a minimum of every 90 days. You should also have a password on your mobile devices and have them set to auto-lock. Technology is great, but there are risks of identity theft and more out there. Please be safe and exercise caution in this digital world!
