subject: What A Company Security Audit Can Do [print this page] In these highly technological times, many measures are put into place to prevent hacking into systems and gaining access to sensitive information via mechanical means. But did you know that your employees' behaviors and responses to the general public may still put your company at severe risk? Fraud that comes as a result of this social engineering costs businesses all over the world millions of dollars a year and, in some cases, the effects are irreversible. The best way to minimize problems is always through prevention, and one of the ways to test your vulnerability is to have a professional security audit performed. Here is an overview of what such an audit can do.
Vulnerabilities that can be detected through an audit
--Publicly-accessible information: An example of fraud that may take place as a result of publicly-accessible information is internet fraud. Your contact information is there for all to see, and it is like taking candy from a baby for many scammers. They immediately know who to talk to, who to contact, and what your business needs may be. Such "personalized" attention and knowledge of your business gives the criminal an aura of legitimacy, and unsuspecting employees may be taken in by disreputable schemes.
--Email and web use: Employees can be quite lax in how they respond to emails of inquiry and which sites they visit on the web during the day. An audit will help to determine whether or not use of company computers by employees may be leaving files vulnerable to fraudulent activities.
--Phone activities: If proper preventive phone protocol is not in place to prevent the accidental disclosure of confidential company information and/or access codes, your company may be at risk. A security audit will review your employee phone procedures and fine-tune it to prevent unnecessary leaks.
--Employee behavior: It takes just a few seconds for a criminal to get sensitive information from a company computer if it is left unattended for even a minute. The criminal doesn't have to be a customer or client either: the theft may come from within the company itself. An audit will track employee behavior and assess how risky it is on a daily basis.
These are just a few of the ways that fraud perpetuated through social engineering can take place: there are plenty more to go around. A professional corporate security audit can help show you where you are vulnerable and then a comprehensive program can be custom-created to address these weak areas and correct them. Never assume "it" won't happen to you.
