Thursday, 22 October 2015

How to Protect Your Organization from Social Engineering in 6 Important Steps

What is social engineering and how can it be a threat to your organization? 

Social engineering, or “social hacking” as it is sometimes called, is a way of manipulating someone into revealing confidential information such as passwords, account numbers, network access, or IDs. As computer networks and programs improve their security, social engineering becomes more prevalent as a way to gain access to this restricted information, often shockingly easily. Rather than breaking into a computer system, social engineers play psychological tricks to gain this information.

Common social engineering tactics include posing as a repairman or as a company representative such as a financial advisor. Recently a teen in the US gained access to the CIA Director’s email by posing as a Verizon worker.

Social hackers may use the phone, the web, or even face-to-face tactics to gain information. They might call you posing as a representative from your bank, claiming that your account has been flagged for suspicious activity, and demand personal information to “verify” your identity. A hacker may even pose as a collections agency, demanding payments and threatening to arrest you if you don’t pay. You may receive an email claiming to be from the IT dept of your own company, requiring restricted information to perform audits or system tests. Some hackers are dedicated enough to gain employment at their target in order to gather privileged information.

So how do you protect yourself from these types of psychological attacks? By following some simple guidelines you can make sure your organization does not fall victim to social hackers.

  1. Implement a policy at your organization and train all employees on proper security procedures. Empower them to take responsibility for your company's security by using critical thinking and creating a security-aware culture. Require them to verify visitor IDs and report suspicious activity.
  2. Implement proper storage and disposal of sensitive documents. Locked filing cabinets, paper shredders, and high-end network security are best practices.
  3. Remember that it is not enough to have a strong password. Have different logins and passwords for different programs, change passwords often, and never reveal your password to anyone.
  4. Stand your ground. If you suspect someone is attempting to use these tactics on you, do not give in to intimidation.
  5. Damage control. If you suspect you may have fallen victim to a social engineering attack, report the incident immediately to authorities, change all passwords, update your network software, and call your financial institutions or monitor your accounts.
  6. Hire a private investigator to complete background checks on employees as well as to help you further protect your organization from hacking and fraud.


Social engineering is a common way to gain confidential information; however, you can protect yourself and your organization by staying vigilant and following the steps outlined above.

The Renwick Group has experience working with many different types of businesses and organizations providing skip-tracing, fraud investigations, WSIB support, legal team assistance, evidence gathering, employee background checks, and more. We also work with individuals who need help with personal matters. Call us at 1 (888) 722-9807 or visit our website for information.