An organization’s best defense is its employees.
CliftonLarsonAllen provides assessments to test whether employees are providing information that can be used to hack your organization.
What’s on your mind?
- Ensuring that your employees know and understand how to protect sensitive information
- Knowing whether your administrative, physical, and technical safeguards are effective
A unique approach
CLA can conduct a social engineering assessment in either a blind or an informed testing manner. We will work with your company’s designated liaison(s) to determine areas of risk and define the approaches to test the effectiveness of your controls.
Using publicly available information (and data provided by the company during informed testing), we will use various methods to gain privileged access to sensitive data, systems, and facilities. These methods include:
- Pretext phone calls, emails, and penetration testing
- Impersonation and facilities intrusion by “tailgating” employees to gain access to a building
- “Seeding” (embedding small invasions that could grow)
If physical access is attained, we will attempt to:
- Obtain unsecured documents, hardware, or facility access cards
- Plant wireless access points, hardware keystroke loggers, or “seed” devices
- Utilize unoccupied spaces to connect to the internal network
- Acquire and remove document destruction boxes
Social engineering services
- Identify gaps in employee understanding and application of policies and procedures
- Identify weak or non-existent policies
- Highlight how gaps result in technical access to systems and the loss of confidentiality or integrity of information
- Offer recommendations to improve your organization’s security posture by positively affecting staff security awareness