Do you have policies in place to prevent social engineering?
Video Transcript:
"Hey guys, welcome back to another Tech Tip. Today we're going to talk about social engineering and policies.
"We've talked about social engineering, and it's something we'll talk about a lot. Today we want to talk about policies. Have you relayed to your employees, at a high level, the policies you have in place for common social engineering things?
"For example: sometimes people will send a phishing email that says 'hey it's me' (and they have the right name of the owner, CEO, president) 'I need you to wire money to this account ASAP.'
"Well, if you have policies in place that say that wire transfers have to go through X, Y, and Z steps - even if that phishing attempt got through, even if the person thought it was legitimate - they could say, wait a minute that's outside our policy.
"Or if somebody sends you a text message saying 'hey it's so and so I need you to do X, Y, and Z,' they would know wait a minute we don't communicate that via text message - that needs to come in a formal request.
"So having policies in place regarding standard things that happen through social engineering - not just training users on social engineering, but understanding your policies that you have in place, and if you don't, putting policiesĀ in place can help eliminate some of that phishing.
"That's it for today. Hope you have a great week."
