Comment Re:Tick the box exercise for auditors (Score 1) 284
"Expecting the call centre operator to think back to some "social engineering" training..."
If the training for Social Engineering stopped at the call centre, then the training plan is flawed to begin with. Everyone in IT better already be familiar with Social Engineering tactics and better know how to recognize them without thinking twice. That is just part of the job. If it's not where you work, then it should be. We require people that work in our IT Dept to know how to spot most Social Engineering attempts, and have read at least one Kevin Mitnick book. We work in Aerospace manufacturing, so we have to keep a closer eye on WHO has access to what.
The hard core, effective training at that point should be at the receptionist, the person that is answering the phone when the user presses 0 on their phone, and the people allowed to open the door for someone on the outside. That is the very first line of defense for Social Engineering attempts.
Kids these days....Get off my lawn.....