Who is the weakest link?
Social Engineering Testing
Social engineering testing checks whether the security policies and practices defined by an organization are properly followed by its employees.
ValueMentor’s testing method helps employers evaluate how easily an employee could break the security rules and exploit highly sensitive information. We also help them get a better understanding of how successful their security training is and how the organization stacks up, security-wise, in comparison to its peers.
Social Engineering Methodology
Our experts send an anonymous e-mail to employees asking for verification; it links to a fraudulent web page that looks legitimate and asks for information regarding the organization. Similar processes include phone phishing and SMS phishing.
- Quid pro quo:
We use the something-for-something method. A random call is made to an employee and a friendly chat begins; with or without the employee's knowledge, the attackers install malware on the company system.
It works as a real-world Trojan horse. Through an external USB device, malware is injected into a system, and it shares data when the system is connected to the internet.
- Dumpster diving:
Involves inspecting employees’ trash cans for printouts and pieces of paper that were not put through a paper shredder and may contain sensitive corporate information.
Features of Social Engineering Testing
This helps provide details for uncovering security weaknesses.
- Physical security
- Determines proper usage and disposal of sensitive data.
- Whether employees have security awareness