Creating the Human Firewall
"Many of the most damaging security penetrations are, and will continue to be, due to Social Engineering, not electronic hacking or cracking. . . Social Engineering is the single greatest security risk in the decade ahead." The Gartner Group
SOCIAL ENGINEERING: An attack based on deceiving users or administrators at the target site. Attacks are typically carried out by phoning or emailing users and pretending to be an authorized user to gain illicit access to systems.
Employee security breaches have become the single greatest security risk of the 21st century. Companies concerned about information and data security are dedicating more resources to evaluate and protect their computer and networking systems. Yet, many ignore the source of their most prevalent exposure - their employees.
According to the Privacy Rights ClearingHouse, almost 80% of all reported data breaches since 2005 were due to non-technical causes such as social engineering, employee error, theft, and insider impropriety.
Defending the "Human Side of Security"™
FraudReady is NOT just another penetration testing company that includes testing for social engineering. We are dedicated to helping organizations stop data loss related to employee error, social engineering, and weak policies, procedures, and processes.
FraudReady is the only security firm currently approved by GSA to sell social engineering audits, training, and crisis response to the Federal Government. No other firm has more social engineering experience than we do in the Federal or private sectors. We have provided services to organizations of all sizes, from 150 employees to 150,000 employees. And we have experience in virtually every market:
- Financial and Banking
- Insurance
- Manufacturing and Industrial
- Defense Contractor
- Staffing (Medical, IT, and HR)
- Academic
- Law Enforcement
- Federal Government
- State Government
- Uncovering weaknesses in your organization that could lead to disclosure of sensitive data,
- Creating policies, procedures, and processes that meet your business needs and effectively protect sensitive data
- Helping you comply with regulations pertaining to the protection of data, including FERPA, FISMA, and GLBA
- Creating a culture of security that remains strong and focused through specifically tailored training and awareness efforts, and
- Empowering your employees to make the best decisions about how to handle sensitive data.
Your security concerns are unique—and so is our approach. The Social Engineering fraud and vulnerability audits we perform are tailored to your specific needs. Our in-depth audits address the threat of Social Engineering and low-tech attacks from every angle. Our audits help you understand your weaknesses and vulnerabilities concerning:
- publicly accessible information,
- policies and procedures,
- phone activities,
- email and web use,
- employee behavior, and
- physical security.
The easiest way to improve the security posture of your employees is with training. FraudReady training is informative, interesting, and effective. FraudReady training is offered online, in classroom settings, and in seminar format. In addition to training employees how to defend against social engineering and protect sensitive data, we also train internal auditors and information security awareness groups how to effectively perform their own social engineering and fraud vulnerability assessments. These ongoing internal assessments, along with FraudReady's training, awareness materials, and periodic vulnerability assessments, will give you a strong and reliable "human firewall."
» Tools and Additional Resources
