Alicia: Hello again, I’m Alicia Kay Social Media Analyst here at HIPAA Vault, and this is Gil Vidals CEO. Today’s topic is social engineering hacks. So I know what a hack is. It’s when someone goes into your system and takes information from your system, but what exactly is social engineering?
Gil:That is a good question. Social engineering is when you’re using deceptive techniques to manipulate somebody to do something to do something to gain access to information.
Alicia: So basically, it’s using non technical means to extract unauthorized information?
Gil: That’s part of it, manipulation and deception is a big part of it too.
Alicia: Do you have an example just to help me understand it a little better too?
Gil: I do. I have a quick story for you and for the audience. There was a young man, a consultant in security, that told me an interesting story where he went to a CEO and told him that if he can provide all the payroll information for his company, would he be hire him as a consultant? The CEO said, hey, the bet’s on! So what this young man did was, he went to the parking lot and he sat in the car of the parking lot of this building and we waited till the employees came out for their break. He had a cigarette, smoked with them, befriended them, told a few jokes and when they walked in after the break, they opened the door for him and he came in. Once he was in the building, he asked who was sitting in a particular work station? They said oh, that administrative assistant is out for the day. So he sat there and used his technology to break into that system. Once he got into the system and in the network, he was able to provide and find all the payroll information for that company.
Alicia: Wow. That’s a very interesting story, he sounds very smart. So how do you avoid these kind of situations then?
Gil: That’s really tricky- how to avoid being manipulated by social engineering. I think the keyword is situational awareness. You have to be really aware of what’s happening around you, everything from clicking on a link. Should you click on it or not, to letting someone in the building. So follow the policies and procedures of your company’s outline is a good starting point.
Alicia: Yeah, that sounds really important. Situational awareness is the key here. Alright well thank you so much for listening and please leave a comment below!