Social Engineering Assessments
Social engineering is the practice of exploiting weaknesses in the people involved in an organization’s information security or privacy programs. A typical scenario attempts to take advantage of an employee’s service focus to obtain non-public information about another customer or member. This is typically accomplished by preying on traits of human nature, such as empathy or compassion, or by using confusion to cause the employee discomfort with the process of handling the inquiry.
A Social Engineering Assessment conducted as part of a pen-test or as a stand-alone service, mimics the social engineering attack with a number of scenarios designed to assess customer-facing personnel’s ability to detect and repel potential breaches to their organization. The assessment can be performed over the phone, at the branch or both. Scripts may be customized for the organization based on Management's concerns or other factors that merit focused testing.