Consider the following tips:
- There is no patch for human stupidity or, in other words, there is always a way to manipulate humans (as you will read about in this book). As a result, you and your employees are the biggest and the most difficult resource that you have to protect.
- Conduct user awareness sessions often. There is always room for improvement in any social engineering training.
- Do not share anything sensitive with anyone. Keep in mind, once a secret is known by two people, it's not a secret anymore.
- If you are not sure about anything, proceed with caution.
- Ensure physical security.
- Classify information to guard against dumpster-diving attacks. Even big corporations have used this kind of attack in the past.
- Keep in mind that, according to ISACA, social engineering was the top cyber threat facing organizations in 2016, at 52%. Regardless of when you are reading this section, social engineering will still be one of the most dangerous attack types.

Refer to www.isaca.org/cyber/PublishingImages/ISACA_CSX_Facts_2016-2-L.jpg for the top three cyber threats facing organizations in 2016.