Social Engineering
Social engineering is the manipulation of people within an organization or company to release confidential information in order to gain access to areas, computer systems or information with the intent to commit fraud, network intrusion, industrial espionage, identity theft, or to bring major disruption to the system or network.
A social engineer is essentially a ‘con’ person, who uses a form of psychological interaction to trick humans somehow to break security protocol. Common methods of social engineering are to pose as someone who needs to gain access to a system to fix an urgent problem, or the use of intimidation/authority, or even eavesdropping or offering something attractive in exchange for information. They rely on the fact that sometimes people are careless about protecting valuable information and they will go as far as dumpster diving, shoulder surfing for access codes (looking over someone’s shoulder while that person punches in a secure code and memorize it), or looking for passwords taped to a computer. They also prey on people’s tendency to use passwords that can be easily guessed.
Security experts everywhere have concluded that as our culture becomes more dependent on information technology, social engineering will always be the biggest threat. No matter how much money is spent to create a secure network, it will be people who remain the weakest link. It is important to educate everybody about the value of information and how to protect it.
UWG’s Information Technology Services will make an effort to increase its employee's and student’s awareness of how social engineers operate. Here are some tips for you to consider:
- Keep your passwords easy to remember but difficult to guess by using a combination of letters, numbers and a special character. Poor, weak passwords are easily cracked, and put the entire system at risk. Passwords should not be based on well-known or easily accessible personal information.
- Do not display information that should be secure, for everybody to see.
- If you’re going to throw it away, use a shredder!
- When punching in a security access code or password, do it discretely. Try not to show the whole world!
- Don’t let anybody ‘borrow’ your password, not even if you know that person.
- For other forms of social engineering go here for more information:http://en.wikipedia.org/wiki/Social_engineering_(security)#Social_engineering_techniques_and_terms
- If you are contacted by anyone looking for information that could compromise our network, please call the IT Service Desk immediately at 678-839-6587 and ask for UWG’s IT Security Officer.