20 tips to fight against social engineering

Industrial spies aim to gain access to sensitive business data through so-called social engineering attacks. The attackers confuse employees with misleading information to reach their goals. These 20 tips help you better protect your company.

  1. Regularly train your employees and managers to recognize the possible methods and risks connected to social engineering attacks.
  2. Keep up to date with internal processes for data security and data protection.
  3. Make only the most necessary personal information publicly available on social media.
  4. Only accept social media friend requests from people you already know.
  5. Never pass on your personal passwords to anyone.
  6. Always create strong and different passwords. Create passwords that are at least 12 characters long.
  7. Never enter your passwords while a third party is watching you. Alternatively, shield your code from the view of nearby third parties while entering it.
  8. Make use of a password manager.
  9. Do not open any suspicious emails.
  10. If you inadvertently open a suspicious email, do not open any attachments or click any links in the email.
  11. Use a shredder to destroy documents once they are no longer needed.
  12. Lock sensitive physical documents up.
  13. Lock your computer when you leave your workplace.
  14. Do not discuss business topics in public.
  15. Contact your superior before you pass on sensitive data.
  16. Be critical of intrusive people who call you and ask you to take immediate action on previously unknown issues. If you doubt that they are genuine, end the call in a friendly yet firm manner.
  17. If you see an unaccompanied visitor within protected company premises, talk to him/her.
  18. Store your digital data in an encrypted format.
  19. Never use an unknown USB stick on a company computer.
  20. Encourage employees to protect their data.