Social Engineering and Physical Security Assessments

As a business owner, your greatest assets are your employees. Human errors happen all the time, which is why ongoing security awareness programs are so important. The best IT security mechanisms cannot ensure a secure environment if employees are not properly trained and support programs/processes are not in place. In this case, a small investment leads to a big return.

SystemExperts offers a variety of assessments of your non-IT security controls and security awareness training, providing you with a general sense of the human side of your security exposure/awareness.

 

Social Engineering

By focusing on the human element, SystemExperts aims to bridge the gap between IT security and actual security practices by assessing and training your employees in security breach prevention, protection of confidential information, and information security awareness.

Customized Phased Phishing Assessment

SystemExperts develops a series of custom emails designed to encourage users to take actions such as clicking on embedded hyperlinks, opening documents, or providing credentials and other sensitive information. Each of the emails in the series contains deliberate errors or “clues” that should trigger a wary response and allow the employees to exercise their security awareness training to decide whether to act or alert IT. The emails grow in complexity and emulate potential impact for the organization. This assessment is generally conducted subtly over the course of a few weeks to ensure the testing remains under the radar.

Vishing / Voice Phishing Assessment

Acknowledging that talking to a real, live person has a stronger impact on people than receiving an email, SystemExperts develops “call-based” scenarios specific to an organization. Like phishing, vishing or “voice phishing” attempts to manipulate users into disclosing sensitive information or taking pre-defined actions. Rather than focusing on individuals, vishing assessments commonly target an organization’s publicly known and highly impactful phone numbers such as a reception desk, IT helpdesk, or key executives.

Hybrid Social Engineering Assessment

SystemExperts performs a highly customized hybrid social engineering assessment using a combination of the above techniques. By using this approach, SystemExperts is able to establish a true profile of the security awareness of an organization’s employees across a broader spectrum of social engineering attack types.

 

Physical Assessments

SystemExperts consultants have conducted security assessments for organizations of all sizes and can create custom physical assessments based upon your organization’s physical, geographic, and cultural uniqueness.

Capture-the-Flag Physical Assessment

This on-site assessment uses social engineering techniques such as tailgating or shadowing employees to attempt to gain access to sensitive areas, property, or information defined by the organization. Additionally, using real-world reconnaissance techniques, SystemExperts can assess camera positioning and physical building design to identify the most likely ingress points for physical exploitation.

Contact SystemExperts to request a free and confidential Social Engineering and Physical Security Assessments consultation by phone.