1
00:00:06,820 --> 00:00:07,653
- Let's go over

2
00:00:07,653 --> 00:00:10,420
a few social engineering countermeasures.

3
00:00:10,420 --> 00:00:11,253
By far

4
00:00:11,253 --> 00:00:15,090
one of the best countermeasures is user education, right?

5
00:00:15,090 --> 00:00:18,850
Train your users to basically demand proof

6
00:00:18,850 --> 00:00:21,220
of identity of somebody, right,

7
00:00:21,220 --> 00:00:23,640
calling you on the phone or

8
00:00:23,640 --> 00:00:24,900
in person

9
00:00:24,900 --> 00:00:26,540
and demanding information.

10
00:00:26,540 --> 00:00:28,330
And also define values

11
00:00:28,330 --> 00:00:29,890
for the types of information

12
00:00:29,890 --> 00:00:33,190
that you want to classify within the organization.

13
00:00:33,190 --> 00:00:36,790
Like usernames, passwords, network addresses.

14
00:00:36,790 --> 00:00:39,210
And then the greater the value,

15
00:00:39,210 --> 00:00:40,500
the higher the security

16
00:00:40,500 --> 00:00:42,740
around those items should be maintained.

17
00:00:42,740 --> 00:00:45,397
And then you educate your users to know,

18
00:00:45,397 --> 00:00:47,450
you know, of course that these

19
00:00:47,450 --> 00:00:48,283
are sensitive information

20
00:00:48,283 --> 00:00:50,120
that should not be shared with anybody.

21
00:00:50,120 --> 00:00:51,367
Of course, username and passwords

22
00:00:51,367 --> 00:00:53,390
and network addresses are pretty simple

23
00:00:53,390 --> 00:00:56,420
and self-explanatory, but you may define other types

24
00:00:56,420 --> 00:00:59,210
of information that you may also want to prioritize

25
00:00:59,210 --> 00:01:01,120
and make sure that nobody

26
00:01:01,120 --> 00:01:03,670
actually shares that type of information.

27
00:01:03,670 --> 00:01:07,890
Now, if someone requests privileged information,

28
00:01:07,890 --> 00:01:11,710
have the employees find out why they want it

29
00:01:11,710 --> 00:01:13,810
and whether they're authorized to obtain it

30
00:01:13,810 --> 00:01:14,643
or not.

31
00:01:14,643 --> 00:01:17,810
Have the users actually challenge that person

32
00:01:17,810 --> 00:01:20,350
and truly identify themselves

33
00:01:20,350 --> 00:01:23,420
and justify why they want that information.

34
00:01:23,420 --> 00:01:27,000
Even if that other person is an employee

35
00:01:27,000 --> 00:01:29,210
of the same company, right?

36
00:01:29,210 --> 00:01:30,144
As we mentioned before,

37
00:01:30,144 --> 00:01:33,400
a lot of attacks start from the inside.

38
00:01:33,400 --> 00:01:36,950
So the insider threat is absolutely real.

39
00:01:36,950 --> 00:01:38,760
Now, another thing that I want to highlight is to

40
00:01:38,760 --> 00:01:43,760
take advantage of email security features in email services

41
00:01:43,770 --> 00:01:46,420
and email servers that sometimes, you know,

42
00:01:46,420 --> 00:01:49,750
may be able to add some text message

43
00:01:49,750 --> 00:01:51,740
to the subject of an email

44
00:01:51,740 --> 00:01:52,573
if they actually come

45
00:01:52,573 --> 00:01:56,740
from an outside address or an outside domain.

46
00:01:56,740 --> 00:01:58,350
For example, you know, in this case

47
00:01:58,350 --> 00:01:59,550
we have an email

48
00:01:59,550 --> 00:02:03,180
that came from Dr. Joe Doe

49
00:02:03,180 --> 00:02:07,510
and the subject has now these automatic

50
00:02:07,510 --> 00:02:08,770
external

51
00:02:08,770 --> 00:02:10,420
you know, tag, if you will

52
00:02:10,420 --> 00:02:14,270
or text that is specifying that this email actually came

53
00:02:14,270 --> 00:02:16,080
from an external source, right?

54
00:02:16,080 --> 00:02:19,820
In some cases you will actually mark it potential spam

55
00:02:19,820 --> 00:02:20,900
different ways

56
00:02:20,900 --> 00:02:23,750
and different features that email servers

57
00:02:23,750 --> 00:02:26,290
and services including cloud services,

58
00:02:26,290 --> 00:02:29,230
they actually provide nowadays.

59
00:02:29,230 --> 00:02:30,990
But again, user education is one

60
00:02:30,990 --> 00:02:34,310
of the most effective ways to countermeasure

61
00:02:34,310 --> 00:02:37,253
and combat social engineering attacks.