Daquan, what, according to you, are the necessary countermeasures for preventing social engineering and identity theft?
Social engineering pertains to methods and acts done to gain access to unauthorized areas, networks, systems and hardware by means of human interaction in lieu of technical means. Penetration testers are very skilled at this, and without proper rules being in place and members of an organization enforcing them, penetration testers are often successful. Even with firewalls, antivirus software and malware protection, a crafty penetration tester can use social engineering tactics to gain unauthorized access. To counter social engineering and identity theft, rules and policies need to be not only in place, but everyone must adhere to and follow them. One of the most common ways social engineering is used to gain unauthorized access is through piggybacking. Members of an organization need to adhere to anti-piggybacking policies and ensure that if there is someone in an area that requires a special access badge, they report that person. They should never allow someone to follow them into a restricted area, or use their credentials to allow someone into an area. Protecting passwords, using strong passwords or passphrases, as well as safeguarding logon credentials such as common access cards, is important as well. Reporting any suspicious activity is also important to protect against social engineering methods. It is also important that users are educated on methods such as phishing and other email scams that are aimed at getting users to click on a link which is malicious or download attachments that will infect a network. Education is the biggest prevention method, as many users are not even aware of the threats, the signs to look for or even how to report them. These methods will help prevent social engineering and identity theft; however, it is important to know that continued education and training is the best way to counter these attacks.