Secrecy: A Security Deterrent to Social Engineering

Social engineering is the act of tricking or conning people into giving out sensitive information, which is then used for fraud, vengeance, murder or destruction.

The aim is to bring personal gain to the perpetrator and losses to the victim. The victim could be an individual, a family, an organization, or a government.

Social engineering seems to succeed because information that should be kept secret is right out in the open, in plain view for people to see.

Most individuals, families, organizations and government establishments do not have an information classification policy in place.

An information classification policy defines the degree of sensitivity of a piece of information. Take this example: what information in our family do we classify as "restricted", that is, information meant only for the family (father, mother and children)? Anytime a member of the family comes home after 9pm, it is considered late. We use our secret code (a number of door knocks) to get the door opened by a member of the family. This acts as a deterrent to house burglars. Such information is restricted to the family and must not be leaked.

Secrecy is the only weapon that minimizes or prevents the act of social engineering. It is the only effective countermeasure against it.

Tips to Counter Social Engineering Using Secrecy as a Security Deterrent

  • Don't give too much information to outsiders with whom you do business.
  • Learn the safe use of email as a communication tool.
  • Keep watchful eyes on people who enter your place of business for service or maintenance calls or to make deliveries.
  • Get a safe with a changeable combination lock to store secret documents. Don't use your birthday, or the birthday of someone close to you, as the combination. Change the combination frequently on an unpredictable schedule.
  • Formulate an information classification policy. Make it available to your employees and family members.
  • All duplicate keys to critical files or safes must be kept by one person.
  • Do not conduct business in public places.
  • Learn what to say in a public phone booth.
  • When using your phone in a public place, do not include sensitive information in your conversation.
  • Be careful about the kind of information you place on public sites.
  • If your company uses its website to conduct e-commerce, the best way to safeguard the credit details of your customers is not to store them on a web server but to store them off-line in an encrypted file.
  • Train your staff or family members on the need for secrecy. Tell them the importance of secrecy and show them the benefits of keeping certain information secret.
  • Buy a good paper shredder and use it. All paper scraps or information no longer needed should be shredded before being thrown in the waste bin.
  • Confidentiality agreements should be signed by employees promising not to reveal trade secrets or company secrets.
  • Social engineering is an act that no technological security tool can fight. The best weapon is secrecy. Learn the act of secrecy now!

    Christopher Okoh
    CEO
    Computer Security & Network Associates.
    Website: http://www.compsana.com