Social Engineering Awareness

Hackers are not the only ones who gain access to our computers and data. There are also security breaches that do not involve viruses or malware at all: Social Engineering. This involves strangers or people we know manipulating our behavior in order to obtain the information they need. Sometimes fraudsters even pretend to be someone else in order to get their hands on money and data. In online or face-to-face training, you will learn how to defend yourself against social manipulation. No employee is too insignificant to become the target of such an attack; no security system so sophisticated that it cannot be circumvented by psychological tricks.

Protection against Cyber Espionage with Psychological Methods

Social engineering is the targeted psychological manipulation of employees who have access to sensitive company data. During an attack, criminals first identify suitable candidates and appropriate ways to gain their trust, possibly at great expense. The target can be anyone, from the executive floor to the cleaning help with access to the data center. The attackers contact the victim. They use a method that appears credible and serious, thanks to information from the victim's social environment. This can be a phone call from an old school friend or an e-mail from a supposedly help-seeking colleague from a branch office of the company. Often, the attack methods are so subtle that a victim does not even realize that he or she has been the target of an attack. Once the victim has given out the seemingly harmless data, sensitive company data is exposed. The gates are wide open for a subsequent cyber extortion and demand for ransom in Bitcoin. The only thing that can help then is good negotiation to avoid even greater damage.

Counteracting a Social Engineering Attack

Education is the most effective tool in the fight against social engineering. From management to trainees, common methods of malicious contact must be known. Potential targets must be identified and made aware of this type of cyber espionage. In general, you will help prevent social attacks if there is awareness of social manipulation methods throughout the organization.

Additionally, you should make it difficult for attackers to access sensitive data. This concerns information about responsibility and accountability to critical areas. You should also avoid so-called password recycling, where employees use the same password for different, often private, networks.

Course Content

  • Accessible introduction to the psychological basics of social engineering
  • Concrete examples of social engineering attacks
  • Practical tips for recognizing manipulation
  • Clear connections between IT security and human behavior
  • Effective arguments to create more security awareness
  • Simple tips for secure communication

Course Modules

  • Understanding: Introduction to crisis management
  • Structure: Rules, laws and processes
  • Organize: Emergency organization and crisis team
  • Securing: Evacuation and clearance
  • Support: Mental health emergencies and debriefing (CISD).
  • Defuse: De-escalation measures
  • Communicating: Crisis communication and dealing with the press
  • Establish: Responsibilities in your company

Face-to-face Training

We make your company fit in the fight against social attacks. In groups of up to 12 participants, we teach ways to identify potential targets within the company. Participants learn the techniques attackers use when contacting targets. They learn how manipulation is achieved through targeted communication in so-called "cold reading". In the seminar, RiskWorkers shows ways to shield yourself on a personal and structural level.

Since social engineering affects everyone who is in contact with the company, the seminars are broadly based: from employees to relatives to external reception staff. You may choose whether we conduct the seminar as an in-house training or as a training at any location. Usually, the seminars take place from 9:00 a.m. to 5:00 p.m., but we are flexible in this regard as well.

E-learning

Are you interested in an online course? We will gladly provide you with trial access. You can watch the learning video at your convenience and decide whether it is suitable for you and your employees. No obligation.

Test us!