If you are running a data center that processes sensitive information -- and most do, even if it's just the records in the human resources department -- you have to be aware of all risks to the data. In addition to hacking and run-of-the-mill break-ins, you also have to keep an eye out for social engineering, which is a fancy name for con artistry. Social engineering is a daily occurrence in many areas, mainly through email and phone phishing, but it can take on a personal aspect, too, when someone tries to bluff their way into a facility. Protecting the data in the center against theft through social engineering takes training and effort, but it can be done.
Training to Not Care
Social engineering attempts on people like employees often work because the employee is too busy to deal with the situation or because the employee does not want to seem rude, naive, or even racist or misogynistic. Con artists pick up on this and use it to convince the person to let them into a facility, give them access to a restricted computer, and so on. Potential tactics can include befriending the person or accusing the person of being strict because the person is racist and so on, or somehow deficient.
You have to train your employees to not care what the other person says -- that's not an excuse to actually be racist, rude, misogynistic, and so on, of course, but your employees have to be able to weather accusations that they're not being nice because they won't let a stranger in. They have to look at everything the intruder says as a con. You also have to train your employees to back each other up. For example, if a receptionist won't let someone in because the person doesn't have an ID card, and the receptionist doesn't recognize the person, other employees have to stand by the receptionist's decision if they don't recognize the person either. Or, if they do recognize the person, and the person is supposed to be there, the other employees need to explain to the person that the receptionist was right to stop that person.
Multiple Levels of Authorization
You likely already use two-factor authorization on devices like your phone or your email account, but you can use it for access as well. You can stop a lot of in-progress social engineering by making people go through two separate checkpoints. For example, someone gets through the reception area by claiming to be a contractor there to see someone in the human resources department. But then the person encounters, in a separate lobby, a fingerprint scanner. That can stop the person from getting any further into the facility.
Keep Testing the Employees
Another way to stop social engineering attacks is to keep testing the facility every few months. Identify those people who let the test subject through instead of stopping him or her, and look for automatic checkpoints (like the fingerprint scanner) that malfunction. That will help you find the weak points in your facility.
You can have the implementation of these strategies overseen by a data center management team. You should be involved yourself, too, but the team can handle the day-to-day testing and monitoring. For more help, contact a company like BCS FM Solutions.Share