Another Security Breach!

How often do you hear about company personnel losing data on the train, in a corner shop or even at the gym? Unfortunately, such incidents keep occurring on an almost daily basis. More worrying, however, is a recent revelation that many employees accidentally reveal passwords and usernames to anyone posing as a member of their organisation, for example an IT support worker or a senior manager.

Shocking? Yes, it is. Some employees actually assume that anyone found within their office premises is a member of staff, whereas the unfamiliar face in your office building asking you for confidential information could actually be an intruder with the sole aim of stealing information from you. Sometimes the impostor does not even have to be physically present in the office premises; a simple phone call could do the trick, as proved by an experiment conducted at the BBC.

This act of gaining private information (for example, on a computer system) by a stranger pretending to be a legitimate person is termed social engineering. Social engineering has often been ignored in our society as a serious form of security attack; however, it can have very negative consequences for companies and individuals alike. Most times an attacker would appear respectable, claiming to be a member of the organisation, and could even go as far as producing a form of identity to support his claims. Other times, he could take the cheaper route by simply checking the rubbish or even shoulder surfing.

Although some argue that this form of attack is not completely preventable, the following measures could assist in putting it under control.

  • Unsolicited telephone calls, emails or visits should be handled with care, especially when the individual appears to be interested in internal information. If in doubt, take every necessary measure to verify their identity.
  • Organisations should invest more time and money in training employees about their network and security policies. Sometimes, it is actually the person who is most liable and not the infrastructure.
  • Data leakage can also be reduced by limiting the amount of private information about company staff that is made available on the company website, as it could be used by hackers to plan a social engineering attack.
  • Physical security is also important. Access to computing facilities and office premises should be restricted, while the identity of contractors should be revealed to employees and security personnel.
  • Waste should be disposed of properly and securely, for example by shredding paper documents. This would help to prevent dumpster diving.
