Social Engineering

The phrase "social engineering" has been used quite a bit in the media to explain a particular type of security incident that permits unauthorized users to gain access to otherwise secured systems. One computer security company defines social engineering as "a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures." At times, a would-be hacker simply calls the organization that he hopes to crack and pretends to be a technician, a repairman, or some other seemingly genuine member of the company or outside consultant. Employees often provide these criminals with passwords or other access codes, which the criminals then use to gain entrance to systems that are otherwise secure.

Why should you be concerned about social engineering? Because such attacks are on the rise. In October 2007, Microsoft released research that showed an acceleration in the number of security attacks designed to obtain protected information through social engineering. As network security becomes more resistant to hacker attacks, data thieves must find different, and in many ways easier, methods to crack into data repositories.

Fortunately, adequate training and education among the workforce can decrease the risk of being a victim of social engineering. Appropriate planning and coordination among the various individuals in your organization are essential to training employees to resist such trickery. The time necessary to implement such a program is well worth the protection it provides and the confidence of knowing that your company can identify and resist social engineering attempts.