Social Engineering Testing is one of the best methods to gain access to information about your clients by communicating with those closest to the target: your employees. It also provides valuable feedback that will keep your institution in line with your industry’s regulatory compliance requirements, such as Gramm-Leach-Bliley Act (GLBA) compliance and Health Insurance Portability and Accountability Act (HIPAA) and HITECH compliance.
GLBA Compliance through Social Engineering:
Per the Gramm-Leach-Bliley Act, financial institutions are required to create an information security program which will protect the confidential information of customers.
HIPAA/HITECH Compliance through Social Engineering:
For the healthcare industry, HIPAA compliance was designed to provide federal protections that keep personal health information from being improperly disseminated. The overriding goal of HITECH and HIPAA is to ensure health care providers are effectively designing their compliance programs to prevent, detect and quickly correct violations of HIPAA rules.
One way to determine the effectiveness of your information security program is to conduct Social Engineering Testing. Using multiple methods such as email, telephone and personal discussion, our information security team will conduct interactive tests with employees to determine the amount of information a potential intruder could gain to further penetrate systems.
Are you curious how GLBA compliant or HIPAA/HITECH compliant your program is? How would your institution respond to a social engineering attempt where a potential intruder attempts to gain information to obtain access to your network?
Our RISC consultants, trained in social engineering testing, have developed strategies to identify lapses in your employees’ behavior such as:
- Creating authentic-looking emails which request usernames and passwords
- Conducting authoritative-sounding phone calls that dig for restricted information
- Directing your employees to unauthorized websites that request private information from them (also known as “phishing”)
The consultants who conduct CSI's Social Engineering Test work with you to understand where human lapses are most likely to occur and then provide recommendations for fortifying your employees’ defenses against external attackers, thus strengthening this important asset.
We can assist your institution with your GLBA compliance as well as HIPAA compliance. Contact CSI today.