According to the educational website, Social Engineer, Inc., social engineering can be broadly defined as “Any act that influences a person to take an action that may or may not be in their best interest” (Social Engineer, Inc., 2017, n.p.). However, social engineering is most commonly understood as actions intended to facilitate breaches of information technology security and privacy, such as scamming and phishing activities which gather company or personal data, information, money, and so on (Social Engineer, Inc., 2017, n.p.). These acts are nearly always negative in intent and cause both personal distress and corporate loss.
Social engineering is an important part of any information technology course because for every positive purpose that information technology might be used for, there is an equally potent and equally fast-evolving negative use. It is therefore important for students to be aware of the negative uses to which technology might be put, in order to learn how to effectively develop sophisticated means of combatting those uses and protecting IT systems and users. Because social engineering technologies change and develop so quickly, learning to combat social engineering activities is a complex and continuing process, making education a vital ingredient in its success.
When it comes to preventing negative social engineering activities, both management and employees have clear responsibilities. Management have a responsibility to provide employees with the best tools possible for social engineering protection: training, clear guidelines and policies about security and IT usage, and up-to-date security software, for example. However, employees cannot merely take security for granted when provided with these tools; they also have a responsibility to use them effectively. Employees are therefore responsible for attending and benefiting from training, for following guidelines and policies carefully, and for using security software as directed. For example, in a retail company, management may be able to provide education about the dangers of using social media sites such as Facebook for external PR activities, and provide guidelines recommending that employees keep personal and corporate accounts separate, but it is equally the responsibility of employees to be conscious of their social media practices and to follow guidelines and policies faithfully.
- Social Engineer, Inc. (2017). “What is Social Engineering?” Retrieved from: http://www.social-engineer.org