Because security isn't all about technology.
While the threat of compromise or loss of data through technologically sophisticated attacks is very real, the threat of physical theft and manipulation of your employees can be an equal or even greater concern—especially if you have public-facing facilities and services that can be easily located by an outsider. Companies are more likely to be attacked if they are regularly processing and storing sensitive customer information such as protected health information (PHI data protected by HIPAA-HITECH).
Increasingly, attackers are identifying weak points within company physical security measures and through company employees who are duped into providing direct access or revealing sensitive information like login credentials. This approach is called social engineering fraud and involves manipulating human beings into divulging information—or performing actions—which they would not normally divulge. Social engineering techniques often include deceit, coercion or pretexting manipulation individuals.
The goal? To gain access to sensitive information or areas of a facility that are off-limits. Hopefully your physical security, policies and procedures, and employee training are all working together to defend against such attacks. Performing a social engineering engagement test is one of the best ways to test your employees' understanding of organizational policies and identify where risk remains and must be addressed.
A social engineering engagement tests a broad spectrum of measures, including:
- Employee understanding of organizational policies and procedures
- Physical security controls
- Visitor procedures
- Password policies
Ensure complete protection of PHI data.
We'll work with you to tailor the social engineering testing to your specific needs, including defining sensitive data in your environment like HIPAA-HITECH-protected PHI data. ControlScan's security consultants conduct various social engineering techniques and tests to determine the degree to which your system could be compromised and your employees' understanding of policies and procedures, exploited. We then provide an analysis of the weaknesses surfaced as well as recommendations for improving your security and implementing best practices in order to further strengthen your defenses.