An IT security policy should be designed and enforced to minimize the amount of information leakage that occurs, including on the Internet, over the phone, in email, and in person. Strict processes should be put in place specifying what authorization is required before specific information is given out to internal or external people, as well as which information, such as passwords, is allowed to be given out at all.
Security awareness training should be carried out for all employees to ensure that they understand the impact that breaching the security policy can have on the organization and on themselves, as well as the processes that must be carried out to ensure that sensitive information is not placed in the wrong hands.
The IT security team should also audit whether these processes are being carried out by checking what information has been released to the public, scouring the Internet for information relating to the organization, as well as carrying out social engineering tests to ensure that processes are being followed.
Organizations should also create an Incident Response Plan to ensure that all employees know exactly what to do if a social engineering attack, or any other type of attack, occurs. If an Incident Response Plan is not in place, most organizations are forced to create one on the fly, leading to mistakes and to critical information about the attack being lost.