Reliant's Social Engineering Testing evaluates whether adequate physical security exists and whether employees are properly trained to prevent unauthorized access to sensitive information. These simulations help heighten staff awareness of potential real-world threats that may target them. Sensitive information may include, but is not limited to, items such as backup tapes, removable media, statements, reports or paper with sensitive customer information, or physical access to the institution's Local Area Network. Social engineering simulations are clearly designed to evaluate the institution as a whole and not to single out inadequate employee performance.
Process
Reliant’s Social Engineering Testing service follows the basic process outlined below:
- Determine scenarios, scope, and approach with relevant staff
- Conduct tests (onsite, telephone, and email)
- Review results with staff
- Write report of all vulnerabilities including remediation steps
- Review report with internal staff
Items Reviewed
Reliant utilizes real-world scenarios to test proper staff responses including the following:
- Pretexting – Reliant will imitate employees to trick others in the organization into giving up sensitive data such as passwords. Also included are checks to determine whether the organization has proper controls to handle vendors and visitors
- Phishing – Reliant will send specially crafted emails to a random sample of employees to try to trick them into navigating to unsafe web pages and giving up sensitive data
- Baiting – Reliant will leave specially crafted CDs, USB drives, flyers, etc. to determine if staff will run software on the devices or visit web pages
- Dumpster Diving – Reliant will review controls over externally accessible trash and recycling to determine if sensitive data can be obtained
- Online – Reliant will review the online profiles of staff members to determine if sensitive data is being leaked from the organization