3.6.1 Implementation of best practices
Social engineering succeeds because of laxity within an organization or simple mistakes that attackers can exploit. Poor practices should be avoided and strict implementation of security best practices should be encouraged. One of these best practices is to require anyone entering the organization's premises to show proper identification (Young, Zhang, and Prybutok, 2007). Security guards and reception personnel must be trained to verify all visitors, especially those who claim to be service personnel sent to carry out maintenance tasks. Another best practice is to communicate to all users that passwords are never to be exchanged over phone calls or emails (Young, Zhang, and Prybutok, 2007). The standard procedure for changing or recovering passwords should always be followed. A user should not get into the habit of calling or emailing the IT department to request a password that he or she has forgotten, because it is exactly this loophole that social engineers exploit.
The third best practice is to forbid users from writing down their passwords on notes or storing them in a text file on their desktops. Users who fear they will not be able to recall all their passwords should be encouraged to use password managers instead. Another best practice is the implementation of Caller ID technology that can distinguish calls originating from within the organization from those originating outside it. Social engineers may call and pretend to be a user within the organization requesting a password, but if this technology is in place, the IT Help Desk can determine that the claim is false. Lastly, a best practice that is effective against social engineering attacks is the shredding of confidential information that exists in printed form.