Striking a Balance Between Customer Service and Data Protection Through Social Engineering

Many organizations are resorting to old-fashioned customer service to attract and retain their market share. In today’s sensitive economy, a lack of customer service can make or break a company seeking to gain new customers and retain its valued customers. Tradition may have given way to innovation, but customer service still matters. In order to meet the challenges ahead, organizations may struggle with striking a balance between customer care and security. So, how do you balance good customer service while protecting the assets of the organization?

The goal of providing quality customer service is a prominent part of today’s business foundation. Many organizations struggle with how to strike a balance between service and data protection. Questions arise, such as: how do I say no to a customer? Or, when is it appropriate to go the extra mile for a customer? Social Engineering is a unique way to test both the strength and the effectiveness of existing training while positioning your employees to protect critical data. Simply said, Social Engineering is a solid training plan to teach employees not to give away the keys to the kingdom while servicing client relationships.

Are we smiling in our attacker’s faces?

Hackers play on empathy with confidence, perceived expertise, and persuasiveness, pulling on the heartstrings of our need to provide quality service and our natural tendency to assist and help others. This natural inclination may cause employees to go along with an attacker’s suggestions in order to be helpful rather than questioning or resisting them. The bad guys understand the day-to-day of IT, for example the frustrations of computers running slowly, programs not working properly, etc. They use these daily frustrations as a means to gain access to your data by playing on your desire to provide diligent customer service.

Knowing just how powerful social engineering is when applied to criminal behavior may serve as a catalyst for training and for insight into how your organization’s employees react, or do not react, in response to email spoofing, a phone call from someone trying to encourage an employee to change a password, etc., all under the guise of being a needy customer. Employees should know that extra-mile service doesn’t mean an all-access pass to your networks.

So how can I balance service and controls?

Social Engineering training is a concrete means to address the nuances of balancing customer service and security. Social Engineering is an act of influencing behavior with the goal of gathering information (social security numbers, passwords…) from people (your employees). This is typically done through various tactics and oftentimes through non-technical means. If successful, this information is then used to gain access to your data. Social Engineering Assessments will provide a true test of an organization’s resilience to attacks against the human component of security controls while providing the details necessary to improve future trainings.
The outcome of the Social Engineering exercises will be insight into your organization’s security posture. Such tests not only provide your organization with a roadmap of your key findings but also increase awareness that predators are out there disguised as friendly vendors and customers. The end result is a clear picture of where training has previously failed, or where your current needs are, as well as a tactical plan with specific areas to address.

Training 101: The importance of War Stories

It’s advantageous to share industry war stories. This is the single best way to ensure your employees are aware. Raising awareness among all employees, so that they stay ever vigilant about with whom they share information, is a solid way to balance service and security.

The greatest benefits of Social Engineering testing are in the informational details and what employees and management learn from the process. A presentation and an open discussion with those targeted in such an attack can be a very valuable learning experience; the best way to thwart such an attack is proper education.

Gain the extra benefits: Social Engineering as a solid part of your Penetration Testing

If you conduct a Penetration Test regularly, then get the most out of your test by coupling it with Social Engineering. This combination is key. Penetration testing identifies vulnerabilities on your Internet-facing systems (corporate firewalls, email, web servers, VPN access, etc.) by attempting to break into the network. Penetration testing coupled with Social Engineering will provide a complete picture of your organization’s security posture and ultimately minimize your overall exposure.

