Manage Learn to apply best practices and optimize your operations.

Five ways to prepare employees for social engineering scams

Social engineering scams are abundant, proper preparation and training is key to avoiding the danger. Expert David Sherry discusses social engineering basics and explains how to keep employees out of harm's way.

Just about every attack against enterprises today has its roots in social engineering.

In fact, attackers do significant reconnaissance against targets and mine data in order to craft campaigns that will help them successfully infiltrate organizations to steal target data and access information.

Fortunately, there are a number of steps enterprises can take to prevent employees from falling victim to social engineering scams.

In this podcast, David Sherry, chief information security officer of Brown University, outlines the basics of social engineering, how enterprises can train employees about the inherent risks of social engineering scams, and the latest attack methods and schemes attackers are using to compromise their prey.

Listen in now to also learn what an enterprise should do when an employee is compromised by a social engineering attack, as well as the various technical controls that enterprise security teams should put in place to prevent, detect and mitigate social engineering scams.

About the speaker:
As chief information security officer of Brown University, David Sherry is charged with the development and maintenance of Brown's information technology security strategy, IT policies and best practices, security training and awareness programs, as well as ongoing risk assessment and compliance tasks. A CISSP and CISM, Sherry has 20 years of experience in information technology. He previously worked at Citizens Bank, where he was vice president for enterprise identity and access management, providing leadership for compliance and security governance.

Next Steps

Learn why enterprises should move beyond prevention to combat stealthy social engineering scams.

Read more about phishing attacks

This was last published in September 2015

Dig Deeper on Email and Messaging Threats-Information Security Threats